Skill v1.0.0

ClawScan security

乐知班温馨提醒 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 7:55 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions and required actions are consistent with its stated purpose (opening a webpage to generate an image, copying it from Downloads into the agent workspace, and sending it via Feishu), but it assumes macOS tools, an external generation website, automatic sending, and local file operations that the user should review before use.
Guidance
Before installing or enabling this skill, consider the following:
- Trust the external site: the skill opens https://lezhiban.yzhu.host/ in your browser to generate images. Only proceed if you trust that domain and its content.
- Platform & OS assumptions: the instructions use macOS-specific commands (open, osascript). If you are not on macOS, the workflow may fail.
- Automatic sending: the skill is designed to auto-send generated images to Feishu. If you want manual review before sending, modify the flow to require explicit user confirmation instead of sending automatically.
- Browser interaction: the skill will close the browser front window after download; this can interrupt your work. Consider removing or modifying the close step if disruptive.
- File operations & cleanup: it copies files from ~/Downloads into ~/.openclaw/workspace and runs find -delete for old files. Verify file name patterns and cleanup scripts to avoid accidental deletion of unrelated files; update any hardcoded personal paths (e.g., /Users/yzhu/...) to match your environment.
- Feishu configuration: ensure the agent/platform has Feishu configured and authorized; the SKILL.md does not declare or request credentials directly.
- Test first: run a dry run with a non-sensitive note and verify the generated file, the copy, and the send behavior before enabling automatic use.

If you are comfortable trusting the external generator and you accept the automatic file and browser operations, the skill appears coherent with its stated purpose. Otherwise, request edits to remove auto-send/auto-close/auto-delete behaviors and to replace personal paths with configurable ones.

Review Dimensions

Purpose & Capability
ok: The skill's name/description (generate reminder images and send via Feishu) matches the instructions: open an external URL that generates an image, copy the downloaded image into the agent workspace, and call the message tool to send to Feishu. No unrelated credentials, installs, or binaries are requested. Note: it depends on an external domain (https://lezhiban.yzhu.host/) and macOS-specific tooling (osascript/open), which are relevant to the task but require user trust and a macOS agent environment.
Instruction Scope
concern: The SKILL.md instructs the agent to operate on the user's ~/Downloads and ~/.openclaw/workspace, to close browser windows via osascript, to automatically send the generated image (autoDownload=true and '自动发送'), and to delete files older than 7 days. These actions are within the functional scope but are intrusive: closing browser windows can disrupt the user, auto-sending may transmit images without interactive confirmation, and automated deletion commands could remove matching files if any naming collisions occur. The skill also references personalized paths (/Users/yzhu/...), which may not exist for other users.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. This is the lowest-risk install mechanism — nothing is written to disk by an installer. The runtime relies on existing system tools (open, cp/mv, find, osascript) and the platform's 'message' tool.
Credentials
note: The skill declares no required environment variables and requests no credentials directly. It implicitly depends on the agent's ability to use the 'message' tool to send to Feishu (so Feishu credentials/config must exist elsewhere). It also assumes read/write access to ~/Downloads and ~/.openclaw/workspace. These accesses are proportional to the stated task but require that the user trusts the external generation site and that Feishu is configured on the platform.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent elevated privileges or modify other skills' configs. It does reference an optional cleanup script and a HEARTBEAT.md process, but those are local housekeeping suggestions rather than forced modifications of platform state.