Skill v1.0.0
ClawScan security
会议纪要助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 26, 2026, 2:48 PM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's bundled code only implements local minutes extraction, but the documentation claims TODO extraction and multi-channel push without providing the corresponding scripts or declaring credentials — an incoherent mismatch that warrants caution.
- Guidance
- This package contains one benign-looking Python script that converts local meeting notes into a markdown summary, but the README/SKILL.md advertises extra features (TODO extraction and pushing summaries to 企业微信/飞书/钉钉) while the corresponding scripts and any required credentials are absent. Before installing or running: 1) don't run any push/unknown scripts from this package unless you inspect them first; 2) ask the author for the missing extract_todos.py and push_minutes.py or for clear documentation on how to securely provide credentials (webhooks/API tokens); 3) if you need push integration, prefer an implementation that explicitly declares required env vars and shows how tokens are stored/used; 4) run the provided script in a sandbox or review its code (it is short and local-only) and avoid giving this skill access to service tokens until you verify the push code and endpoints. If the missing scripts are later added, re-evaluate for network calls, hard-coded endpoints, or credential usage.
Review Dimensions
- Purpose & Capability
- concern: The name/description promise multi-channel push (企业微信/飞书/钉钉) and TODO extraction, but the package only contains a single script (scripts/extract_minutes.py) that performs local text parsing; push and todo scripts referenced in SKILL.md are missing and no environment variables/credentials are declared for external services. The listed capabilities are not matched by the provided artifacts.
- Instruction Scope
- concern: SKILL.md instructs the agent to run scripts extract_todos.py and push_minutes.py and demonstrates push commands to external channels, but those scripts are not present. The included extract_minutes.py works only on local files and does not reach out to the network or read extra system state; however, the runtime instructions give the agent permission/expectation to execute non-existent network-capable scripts, creating ambiguity about actual behavior if the missing scripts are later added or fetched.
- Install Mechanism
- ok: No install spec is provided (instruction-only plus a small Python script). There is no download or external installer, so nothing will be implicitly written to disk beyond the provided files. This is a low-risk install mechanism as presented.
- Credentials
- concern: No environment variables or credentials are declared, yet the skill claims it can push to enterprise messaging platforms, which would normally require API keys/tokens and webhooks. Either credentials are omitted from metadata (incoherent) or the push functionality isn't implemented. The single included script does not require secrets, but the documented features would.
- Persistence & Privilege
- ok: The skill does not request always:true and has no elevated persistence or system-wide config changes. It appears to be user-invocable only and does not autonomously demand permanent presence.
