v1.0.1

Skill Openclaw Library Monitor

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:28 AM.

Analysis

The skill’s behavior matches its stated purpose of checking library availability and notifying the user. It does so by running shell commands, storing data locally, making network requests, running a scheduled monitor, and optionally authenticating to an SMTP server, so each of those should be configured deliberately.

Guidance: Before installing, make sure you are comfortable with a local Python tool that stores a book list, contacts Shenzhen Library, can run a foreground scheduler, and may use SMTP credentials for email alerts. Use a virtual environment, review config.yaml, prefer an app-specific email password, and confirm commands that remove books or start monitoring.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
tools:
  - bash
...
- Add a book: Use bash to run "python main.py add --title <title> [--author <author>] [--monitor]"

The skill explicitly uses bash to run a local CLI with user-supplied values. This is central to the skill's purpose, but titles, authors, and IDs should reach the command as separate arguments rather than being interpolated into a shell string, where quotes, semicolons, or backticks in a value could alter the command that runs.

User impact: Book titles, authors, and IDs you provide may be passed into local commands that read or modify the local book list or start monitoring.
Recommendation: Invoke these commands only for clear user requests, pass user-provided values as separate, shell-quoted arguments, and confirm remove, toggle, and monitor actions before running them.
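To make the recommendation concrete, here is an added example of how an agent wrapper can pass user-supplied values safely; it is not the skill's own code. The "add" invocation follows the SKILL.md line quoted above, while the other subcommand names, the option names, and the confirmation flow are assumptions for illustration.

```python
import shlex
import subprocess
import sys

# Added example, not the skill's own code. The "add" form follows SKILL.md
# ("python main.py add --title <title> [--author <author>] [--monitor]");
# the other subcommand and option names are assumed for illustration.
ALLOWED_ACTIONS = {"add", "remove", "toggle", "list", "monitor"}
CONFIRM_ACTIONS = {"remove", "toggle", "monitor"}   # destructive or long-running
ALLOWED_FLAGS = {"monitor"}


def unsafe_command(title: str) -> str:
    """The pattern to avoid: user text interpolated into a shell string.
    A title such as  x"; rm -rf ~; echo "  would run a second command."""
    return f'python main.py add --title "{title}"'


def build_command(action: str, options: dict, flags=()) -> list:
    """Return an argv list. Each user value is exactly one argument and is
    never re-parsed by a shell, so quotes, ';' or backticks in a title are
    inert. The --key=value form keeps a value starting with '-' from being
    read by argparse as a separate option."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    cmd = [sys.executable, "main.py", action]
    for key, value in options.items():
        if not key.isidentifier():          # option names come from code, not users
            raise ValueError(f"bad option name: {key!r}")
        cmd.append(f"--{key}={value}")
    for flag in flags:
        if flag not in ALLOWED_FLAGS:
            raise ValueError(f"unknown flag: {flag!r}")
        cmd.append(f"--{flag}")
    return cmd


def needs_confirmation(action: str) -> bool:
    return action in CONFIRM_ACTIONS


def preview(cmd: list) -> str:
    """Shell-quoted rendering of the argv, for the confirmation prompt."""
    return shlex.join(cmd)


def run_skill_command(action, options, flags=(), confirm=input):
    """Confirm remove/toggle/monitor with the user, then run without a shell."""
    cmd = build_command(action, options, flags)
    if needs_confirmation(action):
        if confirm(f"Run {preview(cmd)}? [y/N] ").strip().lower() != "y":
            return None
    # shell=False is the default: the list is handed straight to the OS,
    # so no shell ever sees the user's text.
    return subprocess.run(cmd, check=True, capture_output=True, text=True)
```

The confirmation prompt shows the shell-quoted argv so the user sees exactly which title or ID is about to be acted on; the quoting is for display only, since the command itself never passes through a shell.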
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
requirements.txt
requests>=2.31.0
beautifulsoup4>=4.12.0
lxml>=4.9.0
schedule>=1.2.0
python-dotenv>=1.0.0
pyyaml>=6.0

The Python dependencies are installed from an external package index using lower-bound version ranges (>=) rather than exact pinned versions, so the set of packages actually installed can change from one install to the next.

User impact: Future installs may resolve to newer dependency versions than the author tested, with behaviour the author never reviewed.
Recommendation: Install in a virtual environment and pin exact versions (ideally with hashes) or review the resolved dependency versions before use.
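A small audit of the requirements file, as an added example rather than anything the scanner or the skill ships: it parses requirements.txt lines, joins backslash continuations, and reports which entries are neither pinned with `==` nor accompanied by `--hash` entries. The pinned sample at the bottom is constructed to show what a passing file looks like; its hash value is a placeholder, not a real digest.

```python
import re

# Added example, not part of the skill or the scanner. The first sample is a
# constructed copy of the requirements.txt quoted above; the second is a
# constructed pinned variant with a placeholder (not real) hash.
SAMPLE_REQUIREMENTS = """\
# constructed copy of the skill's requirements.txt
requests>=2.31.0
beautifulsoup4>=4.12.0
lxml>=4.9.0
schedule>=1.2.0
python-dotenv>=1.0.0
pyyaml>=6.0
"""

PINNED_REQUIREMENTS = """\
requests==2.32.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
pyyaml==6.0.2
"""

# name, optional [extras], then the version specifier (if any)
_REQ = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?(?P<spec>.*)$")


def _logical_lines(text: str):
    """Yield requirement lines with comments removed and continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def audit(text: str) -> list:
    """One dict per requirement with its name, spec, and a list of problems."""
    report = []
    for line in _logical_lines(text):
        if line.startswith("-"):            # -r, -e, --index-url and similar
            report.append({"name": line, "problems": ["pip option, review manually"]})
            continue
        req, *opts = line.split()
        m = _REQ.match(req)
        if not m:
            report.append({"name": req, "problems": ["unparseable requirement"]})
            continue
        spec = m.group("spec")
        pinned = bool(re.fullmatch(r"==[0-9][A-Za-z0-9.+!-]*", spec))
        hashed = any(o.startswith("--hash=") for o in opts)
        problems = []
        if not pinned:
            problems.append("not pinned to an exact version"
                            + (f" (spec {spec!r})" if spec else " (no specifier)"))
        if not hashed:
            problems.append("no --hash entry, so integrity is not verified")
        report.append({"name": m.group("name"), "spec": spec,
                       "pinned": pinned, "hashed": hashed, "problems": problems})
    return report


def unpinned(text: str) -> list:
    """Names of requirements that can float to a newer release on install."""
    return [r["name"] for r in audit(text) if not r.get("pinned")]
```

Run `audit()` over the skill's requirements.txt before installing; every entry that comes back with problems is one whose version pip chooses at install time rather than the author.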
Rogue Agents
Severity: Low | Confidence: High | Status: Note
scheduler.py
schedule.every(interval).minutes.do(self.check_monitoring_books)
...
while self.running:
    schedule.run_pending()
    time.sleep(60)

The monitor command loops until it is stopped. This is disclosed scheduled monitoring, not hidden persistence, but while it is active it keeps contacting the library service and sending notifications at the configured interval.

User impact: If you start monitoring, the process keeps running until you stop it, periodically contacting the library service and sending configured alerts.
Recommendation: Start the scheduler only when desired, use a reasonable interval, and stop it when you no longer want periodic checks.
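The loop quoted above sleeps a fixed 60 seconds between `run_pending()` calls and has no guard on the interval it was given. The added example below, which is not the skill's scheduler.py, shows a monitor loop with the two properties the recommendation asks for: the interval is clamped to a floor (the 300-second value is an assumption), and stopping takes effect immediately instead of waiting out the sleep. It uses only the standard library rather than the `schedule` package.

```python
import threading

# Added example, not the skill's scheduler.py. The floor of 300 s is an
# assumed value; pick what the library service can reasonably tolerate.
MIN_INTERVAL_SECONDS = 300


class Monitor:
    def __init__(self, check, interval_seconds, max_runs=None,
                 floor=MIN_INTERVAL_SECONDS):
        self.check = check                       # callable doing one availability check
        self.interval = max(float(interval_seconds), float(floor))
        self.max_runs = max_runs                 # None = run until stopped
        self.runs = 0
        self.first_run = threading.Event()       # set after the first check completes
        self._stop = threading.Event()
        self._thread = None

    def _loop(self):
        while not self._stop.is_set():
            if self.max_runs is not None and self.runs >= self.max_runs:
                break
            try:
                self.check()
            except Exception as exc:             # one failed check must not end monitoring
                print(f"check failed: {exc!r}")
            self.runs += 1
            self.first_run.set()
            # Event.wait returns True the moment stop() is called, so shutdown
            # does not wait out the remaining interval.
            if self._stop.wait(self.interval):
                break

    def start(self):
        """Background mode: run the loop in a daemon thread."""
        self._thread = threading.Thread(target=self._loop, daemon=True)
        self._thread.start()
        return self

    def run_foreground(self):
        """Foreground mode, like the skill's monitor command; Ctrl-C stops it."""
        try:
            self._loop()
        except KeyboardInterrupt:
            self._stop.set()

    def stop(self, timeout=5.0) -> bool:
        """Signal the loop to stop and report whether it exited within timeout."""
        self._stop.set()
        if self._thread is not None:
            self._thread.join(timeout)
            return not self._thread.is_alive()
        return True
```

`max_runs` gives a natural bound for a one-off session ("check ten times, then exit"), and a `check` that raises is logged and retried on the next tick rather than silently killing the monitor.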
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
notifier.py
self.password = config.get("password", "")
...
server.login(self.sender, self.password)
server.send_message(msg)

Email notifications authenticate to an SMTP server with a password taken from the user’s configuration. This is expected for email alerts, but it gives the skill the authority to send mail as that account, and a password written into config.yaml is readable by anyone who can read the skill directory.

User impact: If email notifications are enabled, the configured SMTP account can be used to send availability alerts to the configured recipients.
Recommendation: Use an app-specific SMTP password where possible, limit recipients, and avoid storing or reusing a primary email password in shared or untrusted directories.
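An added example of a notifier that follows the recommendation; it is not the skill's notifier.py. The config keys (sender, recipients, smtp_host, smtp_port, password), the `SMTP_APP_PASSWORD` environment variable, and the recipient cap are assumptions. It prefers a password from the environment over one in config.yaml, refuses recipients outside the configured list, and strips line breaks from the book title so a title cannot inject extra mail headers.

```python
import os
import smtplib
import warnings
from email.message import EmailMessage

# Added example, not the skill's notifier.py. Config keys, the environment
# variable name and MAX_RECIPIENTS are assumptions for illustration.
ENV_VAR = "SMTP_APP_PASSWORD"
MAX_RECIPIENTS = 5


def resolve_password(config: dict, environ=os.environ) -> str:
    """Prefer an app-specific password from the environment; warn if one is
    sitting in config.yaml, which may live in a shared skill directory."""
    from_env = environ.get(ENV_VAR, "")
    from_file = config.get("password", "")
    if from_file:
        warnings.warn("SMTP password found in config.yaml; move it to the "
                      f"{ENV_VAR} environment variable", stacklevel=2)
    password = from_env or from_file
    if not password:
        raise RuntimeError(f"no SMTP password configured (set {ENV_VAR})")
    return password


def allowed_recipients(config: dict, requested) -> list:
    """Only addresses listed in config may receive mail, and not too many."""
    allow = {a.strip().lower() for a in config.get("recipients", [])}
    chosen = [a.strip().lower() for a in requested]
    rejected = [a for a in chosen if a not in allow]
    if rejected:
        raise ValueError(f"recipients not in allowlist: {rejected}")
    if len(chosen) > MAX_RECIPIENTS:
        raise ValueError(f"more than {MAX_RECIPIENTS} recipients requested")
    return chosen


def build_message(config: dict, to: list, title: str) -> EmailMessage:
    """Build the alert. CR/LF are removed from the title so a book name
    cannot inject extra headers (Bcc:, To:) into the message."""
    safe_title = " ".join(title.splitlines())
    msg = EmailMessage()
    msg["From"] = config["sender"]
    msg["To"] = ", ".join(to)
    msg["Subject"] = f"Library availability: {safe_title}"
    msg.set_content(f"'{safe_title}' is now available at the library.\n")
    return msg


def send_alert(config: dict, title: str, recipients=None,
               environ=os.environ, smtp_factory=smtplib.SMTP) -> int:
    """Send over STARTTLS and return the number of recipients mailed."""
    to = allowed_recipients(config, recipients or config.get("recipients", []))
    msg = build_message(config, to, title)
    password = resolve_password(config, environ)
    host = config.get("smtp_host", "localhost")
    port = int(config.get("smtp_port", 587))
    with smtp_factory(host, port, timeout=30) as server:
        server.starttls()
        server.login(config["sender"], password)
        server.send_message(msg)
    return len(to)
```

`smtp_factory` is a parameter only so the send path can be exercised against a stub; in normal use it is `smtplib.SMTP`, and the `with` block closes the connection even if login fails.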
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Info | Confidence: High | Status: Note
SKILL.md
- Book data is stored in `book_list.json`

The skill persists a local record of monitored books and their status in book_list.json. This is disclosed and purpose-aligned, but the file reveals your reading interests to anyone who can read it.

User impact: Anyone with access to the local book_list.json file may be able to see the books you are tracking.
Recommendation: Keep the skill directory and book_list.json in a private location, with file permissions restricted to your own account, if your reading list is sensitive.
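One way to keep book_list.json private on a multi-user machine, as an added example that is not the skill's own storage code: write the file atomically with mode 0600 (set explicitly, so the umask does not matter), and provide a check that flags an existing file other accounts can read. It assumes POSIX permission bits; the book entries used for trying it out are constructed.

```python
import json
import os
import stat
import tempfile

# Added example, not the skill's code. Assumes POSIX permission bits.


def save_book_list(path: str, books: list, mode: int = 0o600) -> str:
    """Write to a temp file in the same directory, set the mode explicitly
    (independent of umask), then atomically replace the target."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".book_list-", suffix=".json")
    try:
        os.fchmod(fd, mode)
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(books, f, indent=2, ensure_ascii=False)
        os.replace(tmp, path)          # rename keeps the temp file's mode bits
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return path


def load_book_list(path: str) -> list:
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def check_permissions(path: str) -> list:
    """Return human-readable problems; an empty list means owner-only access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    problems = []
    if mode & stat.S_IRWXG:
        problems.append(f"{path}: group has access (mode {mode:o})")
    if mode & stat.S_IRWXO:
        problems.append(f"{path}: other users have access (mode {mode:o})")
    return problems


def harden(path: str) -> int:
    """Restrict an existing file to the owner; returns the previous mode."""
    old = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, 0o600)
    return old


def temp_book_list_path() -> str:
    """A scratch location for trying this out without touching a real skill dir."""
    return os.path.join(tempfile.mkdtemp(prefix="openclaw-demo-"), "book_list.json")
```

Run `check_permissions()` on an existing book_list.json before trusting the directory; a non-empty result means the file predates the skill's install or was created under a permissive umask, and `harden()` fixes it in place.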