每日日报生成器

Security checks across malware telemetry and agentic risk

Overview

This is a local daily-report helper that reads dated OpenClaw memory notes and can save reports, with privacy caveats but no evidence of hidden or destructive behavior.

Install only if you are comfortable with a report generator reading your dated OpenClaw memory notes and turning them into local report files. Review generated reports before sharing them, avoid saving sensitive reports to Desktop or synced folders unless intended, and use a trusted source if installing python-docx for Word export.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger phrases are broad and overlap with ordinary user requests such as 'daily report' or 'work summary', which can cause the skill to activate in contexts where the user did not intend filesystem access or automatic summarization from memory. In this skill, that matters because activation may lead to reading memory files and generating exports, making accidental invocation more privacy-sensitive than a purely conversational tool.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation advertises automatic extraction from memory files and Word export but does not warn that local content may be read and written. Because daily reports often contain sensitive work details, silent aggregation and export can expose private or proprietary information to unintended files or locations.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The example encourages exporting a report to the Desktop without warning that this writes a local file in a broadly visible location. Desktop export can increase the chance of accidental disclosure to other users, screen-sharing participants, backup systems, or sync services.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The workflows normalize automatic access to memory files and automatic saving to the desktop without explicitly indicating consent, confirmation, or preview before action. In an agent context, this can lead to unintended disclosure of sensitive personal or work information and silent creation of files in user-visible locations.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The Word export example implies immediate generation of a .docx file on the desktop without a warning or confirmation step. While lower risk than broad memory access, it still encourages unexpected file creation and possible exposure of sensitive report contents in a predictable location.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal