Skill v1.0.0

ClawScan security

阅读清单 (Reading List) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 1:56 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions generally match a reading-list workflow, but there are unexplained mismatches (notably a hard-coded storage path and claimed integrations with no credentials or install steps), so you should verify details before installing.
Guidance
This skill appears to be a plain instruction-only reading-list helper, but it documents storing data at ~/.openclaw/workspace/memory/reading-list.json even though the registry lists no config paths — ask the author to confirm where data is stored and whether the agent will create/modify that file. Also confirm how exports to Notion/Obsidian and reminders work: if they integrate with external services, they'll need API tokens (which are not declared). Because this is instruction-only, the agent itself will perform any web fetches/summaries; consider whether you are comfortable letting the agent access remote URLs and write a file under your home directory. If you want to proceed, back up that path first, and request the author to (a) document exactly which network calls occur, (b) explain export/auth flows, and (c) optionally allow configuring the storage path.

Review Dimensions

Purpose & Capability
note: Name/description (manage and track a reading list, recommendations, notes, exports, etc.) align with the SKILL.md features. However, the manifest declares no config paths or credentials, while the README explicitly states that data is stored at ~/.openclaw/workspace/memory/reading-list.json. This is an undeclared persistent storage location and a mismatch with the registry metadata.
Instruction Scope
concern: SKILL.md instructs the agent to add/remove/archive items, summarize URLs/PDFs/Markdown, and export/share. It explicitly names a local storage path for the reading list. The instructions do not specify how external content (URLs, PDFs) will be fetched/parsed or how exports to Notion/Obsidian or reminders are implemented, leaving open whether the agent will access the network, local files, or require external credentials.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files; lowest install risk. Nothing will be downloaded or written by an installer step.
Credentials
note: The skill declares no required environment variables or credentials, which is consistent with a purely local reading list. However, the SKILL.md mentions exports (Notion/Obsidian) and reminders, which typically require API keys or access to notification channels; the absence of any declared env vars or instructions for obtaining credentials is an unresolved inconsistency.
Persistence & Privilege
concern: The skill will persist data to a user home path (~/.openclaw/workspace/memory/reading-list.json) per its documentation. That file location was not declared in the registry metadata. While storing a reading list locally is plausible, persistence to a hard-coded path without prior declaration is a privacy/consent concern and should be confirmed.
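The Guidance and the Purpose and Persistence dimensions above all turn on the same check: does what SKILL.md says the agent will touch match what the registry manifest declares? The script below is an added example of that pre-install check, not ClawHub's or ClawScan's own scanner code. The manifest field names ("install", "configPaths", "env"), the sample manifest, and the SKILL.md excerpt are assumptions constructed from the findings above; the real registry schema is not shown on this page.

```python
"""Pre-install check for an instruction-only skill: compare what SKILL.md says
the agent will touch against what the registry manifest declares.

Added example, not ClawHub's or ClawScan's own code. The manifest field names
("install", "configPaths", "env") and both sample inputs are assumptions
constructed from the scan findings above; the real registry schema is not shown.
"""
from __future__ import annotations

import re

# Constructed sample of the registry metadata: no install spec, no config paths,
# no environment variables (field names assumed).
SAMPLE_MANIFEST = {
    "name": "阅读清单",
    "version": "1.0.0",
    "install": None,
    "configPaths": [],
    "env": [],
}

# Constructed SKILL.md excerpt mirroring the documented behaviour.
SAMPLE_SKILL_MD = """\
# 阅读清单

Data is stored at ~/.openclaw/workspace/memory/reading-list.json.
Use /add <url> to add an item; the agent will fetch and summarize the URL or PDF.
Export to Notion or Obsidian with /export, and set reminders with /remind.
"""

# A path under the home directory, or an absolute path with at least two
# components. Single-component slash commands such as "/add" do not match.
PATH_RE = re.compile(r"(~|\$HOME)(/[\w.-]+)+|/(?:[\w.-]+/)+[\w.-]+")
# Words that indicate the agent itself will reach out to the network.
NETWORK_RE = re.compile(r"\b(fetch|download|http|https|url|summari[sz]e)\b", re.I)
# Integrations that normally need an API token or a notification channel.
EXTERNAL_SERVICES = ("notion", "obsidian", "slack", "discord", "telegram", "reminder")


def find_paths(skill_md: str) -> set[str]:
    """Filesystem paths SKILL.md says the agent reads or writes."""
    return {m.group(0).rstrip(".,;:") for m in PATH_RE.finditer(skill_md)}


def find_external_services(skill_md: str) -> set[str]:
    """External services or channels mentioned by name."""
    text = skill_md.lower()
    return {s for s in EXTERNAL_SERVICES if s in text}


def find_network_hints(skill_md: str) -> list[str]:
    """Lines suggesting the agent will fetch remote content on its own."""
    return [line.strip() for line in skill_md.splitlines() if NETWORK_RE.search(line)]


def review(manifest: dict, skill_md: str) -> dict:
    """Return (severity, message) findings plus an overall verdict.

    A documented path the manifest does not declare is a 'concern'; integrations
    without declared credentials and self-performed network access are 'note'
    level, matching the severities used in the scan dimensions above.
    """
    declared_paths = set(manifest.get("configPaths") or [])
    declared_env = set(manifest.get("env") or [])
    findings: list[tuple[str, str]] = []

    for path in sorted(find_paths(skill_md) - declared_paths):
        findings.append(("concern", f"undeclared persistent storage path: {path}"))

    services = find_external_services(skill_md)
    if services and not declared_env:
        findings.append(("note", "integrations mentioned but no credentials declared: "
                         + ", ".join(sorted(services))))

    hints = find_network_hints(skill_md)
    if hints and manifest.get("install") is None:
        findings.append(("note", "instruction-only skill: the agent itself performs "
                         f"these remote fetches: {hints}"))

    verdict = "suspicious" if any(sev == "concern" for sev, _ in findings) else "ok"
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    result = review(SAMPLE_MANIFEST, SAMPLE_SKILL_MD)
    print(result["verdict"])
    for severity, message in result["findings"]:
        print(f"  [{severity}] {message}")
```

Run against the constructed inputs, the check reproduces the page's verdict: the undeclared ~/.openclaw/workspace/memory/reading-list.json path is the one "concern", and the Notion/Obsidian/reminder mentions and the agent-performed fetches come out as notes. Adding that path to configPaths and a token name to env in the manifest is exactly what the Guidance asks the author for, and with those declared the same inputs review as "ok".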