Skill v1.0.0
ClawScan security
Heartbeat Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 27, 2026, 8:24 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: Instruction-only monitoring skill is plausible but under-specified: it references a local state file and automatic repair/reminder actions without declaring what credentials, services, or messaging endpoints it will use, so its real runtime scope is unclear.
- Guidance: This skill is plausible but under-specified. Before installing or enabling it: 1) Ask the author which services/APIs and credentials the skill will use (email/calendar providers, messaging endpoints). 2) Confirm where reminders are sent and which account or webhook is used for 'message'. 3) Review and sandbox what '自动修复' (auto-repair) does: does it send emails, create calendar events, or run other actions? 4) Verify you are comfortable that the agent (or other linked skills) already holds the necessary credentials, rather than this skill requesting them later. 5) If you proceed, monitor the ~/.openclaw/workspace/memory/heartbeat-state.json file for unexpected writes and test in a limited, non-production account first.
Review Dimensions
- Purpose & Capability (note): The name/description (monitor email, calendar, weather, generate health reports) is coherent with the instructions, but the skill does not declare any credentials, APIs, or service endpoints needed to actually check email/calendar/weather. That gap might be intentional (it may rely on other agent skills), but it means the capability-to-requirements mapping is incomplete.
- Instruction Scope (concern): SKILL.md tells the agent to track last-check times and store them at ~/.openclaw/workspace/memory/heartbeat-state.json, to '自动修复' (auto-repair: trigger missed checks) and to '发送提醒' (send reminders), but it is vague about which APIs, accounts, or external endpoints to call and under what authorization. The instructions give the agent broad discretion to invoke checks and send messages without limiting targets or credential use.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing will be downloaded or written during install. That reduces surface risk.
- Credentials (note): The skill declares no required environment variables or credentials, yet its advertised functionality (checking email/calendar) normally requires account credentials. It does reference a single local path for state storage (~/.openclaw/...), which is reasonable, but the absence of declared credentials makes the runtime behavior ambiguous: it will either rely on other skills that hold credentials or attempt to act without them.
- Persistence & Privilege (ok): 'always' is false and the skill is user-invocable (default). It does read/write its own state file path but does not request system-wide persistence or modify other skills' configs. No privilege escalation flags detected.
