PaperDaily

The skill delegates all core logic to an external dependency (openclaw-paperdaily) and requires sensitive Feishu API credentials (FEISHU_APP_SECRET). Most notably, SKILL.md instructs users to store these credentials in a .env file located inside the node_modules directory, which is highly irregular and could be used to obscure sensitive data from standard project audits. The lack of transparency in the external package combined with unusual secret management practices poses a significant risk.