Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Junyi Client Follow-up

v1.0.0

Monthly follow-up tool for children's growth planning (client edition). Sends review questionnaires on a schedule, collects parent feedback, formats it and forwards it to the planner. Does not perform assessments, adjust strategy or edit reports. Covers ages 0-8. Trigger words: 月度跟进 (monthly follow-up), 成长复盘 (growth review), followup, 跟进一下孩子 (follow up on the child), 复盘一下 (do a review), 发问卷 (send the questionnaire). Not handled: producing plans, evaluating progress, modifying reports, medical diagnosis.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims it will not read or modify planning reports, yet the workflow explicitly says it will "读取规划文档末尾的 plan_meta" (read plan_meta). It also requires a planner contact to forward feedback, but this required configuration is not declared in the registry metadata as an env/credential. These are mismatches between stated purpose/constraints and required actions.
Instruction Scope
Runtime instructions include reading plan_meta, reading parent replies (including original text for redline cases), formatting and forwarding messages to a planner contact, and writing limited memory fields. There are internal contradictions: a privacy whitelist forbids writing child names and parents' original words to memory, but the spec also requires including child names and (for redlines) the parent's original text in messages to the planner. The skill does not specify the messaging endpoints/protocols it will use to send questionnaires or forward replies.
Install Mechanism
Instruction-only skill with no install spec or code files, so nothing is written to disk at install time. This is the lowest-risk install mechanism. However, it does require configuration in openclaw.json which is described in SKILL.md (see environment/proportionality).
Credentials
SKILL.md requires an openclaw.json entry setting PLANNER_CONTACT (planner's contact like Feishu open_id), but the registry metadata lists no required env vars or primary credential. The skill will necessarily need access to messaging/notification capabilities and the planner contact; those requirements are not declared, creating a gap between declared and actual needed credentials/config.
Persistence & Privilege
The "always" flag is false and there is no install-time persistence. The skill claims to write only a limited set of memory fields (child_uid, plan_id, status, state, followup_count, 最近跟进日期 (last follow-up date)) and explicitly forbids storing PII such as the child's name or parents' original text. That limited, scoped persistence is proportionate, but see the Instruction Scope concerns about contradictions around forwarding parents' original text.
What to consider before installing
Before installing, ask the publisher to clarify and (ideally) update the skill metadata and documentation:

1) Explicitly declare required configuration/credentials (PLANNER_CONTACT and any messaging channel tokens) in the registry metadata so you know what will be supplied.
2) Resolve the contradiction between "不碰报告" (do not touch reports) and reading plan_meta: confirm where plan_meta is stored and ensure that reading it does not expose full report content.
3) Confirm exactly what data is written to memory and what is only transmitted transiently; ensure PII (child name, parent messages) is never persisted if that is the intent.
4) Verify the outbound endpoints and delivery mechanism (platform messaging, Feishu, email, etc.) and ensure they are acceptable and secure.
5) Ensure the redline forwarding behavior and retention policy are approved by privacy owners (original parent text is forwarded to planners in redline cases).

If the publisher cannot or will not clarify these points, treat the skill cautiously: it poses privacy and configuration risks despite appearing functionally coherent.



