Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Sentinel

v1.4.1

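AI intelligence tracking system. Use when the user needs to track developments in the AI field or generate an AI morning or evening report. Trigger words: AI情报 (AI intelligence), AI哨兵 (AI sentinel), AI资讯 (AI news), AI动态 (AI developments), 科技新闻 (tech news), 论文追踪 (paper tracking), 开源项目追踪 (open-source project tracking), 晨报 (morning report), 晚报 (evening report).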

by xiaopeng (@xiaopengs)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (AI intelligence tracking, reports) align with included parsers, collector, scorer, and reporter scripts. Asking for shell/filesystem/http tools is plausible to run the included Python scripts and fetch web content. However, the SKILL.md claims 'no user data collection' while simultaneously requiring reading local USER.md and MEMORY.md — a contradiction that should be justified.
Instruction Scope
Runtime instructions explicitly mandate reading ./USER.md and ./MEMORY.md ('必须执行', i.e. "must be executed"). That is outside pure public-web collection and may expose private project details; the instruction is not optional. The skill also directs use of web search/fetch tools, saves files under ./AI哨兵/, and enables running shell and filesystem tools. This grants broad discretion to read/write local files and run commands. The SKILL.md is otherwise fairly prescriptive (search queries, fetch, parsing), which helps auditing, but the mandatory local-file read and free shell access are notable scope creep relative to a simple 'news collector'.
Install Mechanism
There is no automated install spec (instruction-only deployment), which reduces install-time risk. The bundle includes many Python scripts and a web UI; running them requires installing standard Python deps (requests, feedparser, pyyaml, jinja2) per README. No remote arbitrary installers or obscure download URLs were detected in the manifest provided.
Credentials
Declared requirements show no environment variables or credentials required. References in docs describe optional API keys (e.g., Twitter bearer token) for extra sources; those are optional and disabled in defaults. Proportionality concern arises from the skill's implicit assumption it can access local USER.md and MEMORY.md: those are not declared as required credentials but the instructions demand reading them. Also config/sources.yaml contains custom feed URLs and an RSSHub instance (brain.zeabur.app, mmchat.zeabur.app, thinkspc.fun) — the skill will make outbound requests to those endpoints if enabled, which may reveal what it is fetching but is not itself a credential request.
Persistence & Privilege
Skill is not 'always: true' and is user-invocable only by default. It does request filesystem and shell tools in SKILL.md (to run included scripts and read/write reports), which is reasonable for a local reporter but increases privilege surface; nothing in the manifest shows it modifies other skills or system-wide configuration.
What to consider before installing
Before installing, consider the following:
1) The skill's instructions explicitly require reading local files ./USER.md and ./MEMORY.md — remove or sanitize any secrets or private data in those files, or refuse that step if you don't want the skill to access them.
2) The skill is allowed to run shell commands and read/write files (it writes reports to ./AI哨兵/) — run it in a sandbox or isolated environment if you are unsure.
3) Review config/sources.yaml and disable any custom/external feeds (RSSHub and private domains like brain.zeabur.app or mmchat.zeabur.app) if you don't want outbound requests to those hosts.
4) The code bundle contains parsers and a web UI — if you plan to run the web UI, ensure it is not exposed to untrusted networks.
5) Optional APIs (e.g., Twitter/X) are documented but disabled by default; only supply API keys if you trust the code.
If you want to proceed: audit the scripts (scripts/collect.py, parsers/*, reporter.py) locally, run with network access restricted to known sources, or run inside a container with limited filesystem visibility.

Like a lobster shell, security has layers — review code before you run it.
