CNKI Watch

Security checks across static analysis, malware telemetry, and agentic risk

Overview

CNKI Watch appears to do what it advertises, but it needs sensitive CNKI/OpenClaw access and can create recurring jobs that post into chat.

Before installing, be comfortable with giving the skill CNKI access, allowing it to post subscription updates into OpenClaw, and letting it create recurring jobs. If you need high assurance, review the full script and package-lock.json; set CNKI_WATCH_AUTO_INSTALL=0 if you would rather run npm install yourself; and use list-subscriptions and unsubscribe to manage persistent watches.

Static analysis

Dangerous exec

Critical
Finding
Child-process execution detected (child_process). The script spawns npm to install dependencies; the call passes a fixed command and argument array rather than a command string, so no shell parses it, but an external program is still launched on first run.

Exposed secret literal

Critical
Finding
A string literal in the script matches the scanner's pattern for a hardcoded API secret or token. Inspect the flagged literal before treating it as a live secret: the documented credential paths (CNKI_COOKIE, or CNKI_USERNAME plus CNKI_PASSWORD) are read from configuration rather than embedded in the script.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

CNKI account credentials

What this means

Using the skill may give it access to a CNKI session or account credentials configured for the skill.

Why it was flagged

The skill may use a CNKI account session cookie or username/password. That is expected for authenticated CNKI access, but it is sensitive account material.

Skill content
Prefer `CNKI_COOKIE`. `CNKI_USERNAME` plus `CNKI_PASSWORD` is a fallback path for establishing a CNKI login session.
Recommendation

Prefer a session cookie from a dedicated or limited CNKI account over a username/password pair, store credentials only in the intended OpenClaw skill config (never in the script itself), and remove or rotate them when no longer needed.

First-run npm install

What this means

On first use, the skill may run npm and install dependencies into the skill directory.

Why it was flagged

The script can launch npm to install missing JavaScript dependencies. The command and arguments are fixed and the behavior is documented, but it still executes an external package-management command, and npm in turn runs any install-time lifecycle scripts declared by the dependencies it fetches.

Skill content
const child = spawn(npmCommand, installArgs, { cwd: SKILL_DIR, env: process.env, stdio: "inherit" });
Recommendation

Review package.json and package-lock.json, consider running npm install manually, or set CNKI_WATCH_AUTO_INSTALL=0 if you do not want first-run automatic installs.

Persistent subscription jobs

What this means

A subscription can continue running and posting CNKI metadata until the user removes it.

Why it was flagged

The skill intentionally creates recurring subscription jobs that keep running and post updates back to chat. This persistence is the stated purpose, but users should understand it.

Skill content
journal subscription: periodically push new papers from a named journal ... Subscription jobs run as isolated cron turns ... The script is responsible for posting new findings back to the main OpenClaw chat
Recommendation

Create subscriptions only when intended, review them with list-subscriptions, and remove unwanted ones with unsubscribe.

Local OpenClaw gateway access

What this means

The skill can authenticate to the local OpenClaw gateway for chat-delivery behavior.

Why it was flagged

The script reads the local OpenClaw gateway port and auth token so it can deliver subscription updates back into the main chat. This is purpose-aligned but involves local gateway authority.

Skill content
gateway: { port: openClawConfig.gateway?.port ?? 18789, token: openClawConfig.gateway?.auth?.token ?? null }
Recommendation

Install only if you are comfortable with the skill posting subscription updates into OpenClaw, and keep your OpenClaw config file readable only by your own user, since it holds the gateway auth token.