v0.2.1

Sec Daily Digest

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:10 AM.

Analysis

This skill appears to do what it claims—generate a cybersecurity digest—but it uses external AI/Twitter/Gmail services and local persistent state, so users should review credentials and email options before use.

GuidanceBefore installing, decide which external services you want enabled. Use dry-run mode for local rule-based testing, set only the API keys you intend to use, confirm any email recipient, and periodically review or isolate the ~/.sec-daily-digest state directory.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack

SeverityLowConfidenceHighStatusNote

src/ai/prompts.ts

let entry = `Index ${article.index}: [${article.sourceName}] ${article.title}\nURL: ${article.link}\n${article.description.slice(0, 800)}`; ... `[Full text excerpt]\n${article.fullText.slice(0, 500)}`

External article titles, descriptions, URLs, and optional full-text excerpts are inserted directly into AI prompts for scoring and summarization.

User impactA hostile article or feed item could try to influence the model’s scoring or summary text, though the artifacts do not show model output being used to run tools.

RecommendationTreat generated summaries as advisory, review important source links, and consider stronger prompt-injection delimiters if maintaining the skill.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusNote

README.zh-CN.md

gog gmail send --to <addr> --subject "sec-daily-digest YYYY-MM-DD" --body-file -

The optional email mode sends the generated digest through an external Gmail CLI.

User impactIf the email option is invoked with the wrong address or account, the digest could be sent externally from the user’s Gmail setup.

RecommendationUse `--email` only when explicitly desired, confirm the recipient, and ensure `gog` is authenticated to the intended account.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

package.json

"dependencies": { "yaml": "^2.8.2" }

The package uses a version range for its dependency, so installs may resolve different compatible versions over time.

User impactDependency behavior could change between installs even if the skill artifacts are unchanged.

RecommendationInstall with a lockfile or pin dependency versions for reproducible recurring use.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

OPENAI_API_KEY ... GEMINI_API_KEY ... ANTHROPIC_API_KEY ... TWITTERAPI_IO_KEY ... X_BEARER_TOKEN

The skill can use AI provider keys and Twitter/X API credentials to fetch and analyze digest content.

User impactThese credentials may incur provider usage, access Twitter/X API data, and send fetched article or tweet content to selected AI services.

RecommendationUse least-privilege or project-specific keys, avoid setting credentials you do not need, and use `--dry-run` or `--no-twitter` when external services are not desired.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

README.md

Persistent directory: `~/.sec-daily-digest/` ... `sources.yaml` ... `health.json` ... `archive/YYYY-MM-DD.json` ... `twitter-id-cache.json`

The skill maintains local state across runs for configuration, source lists, health tracking, archives, and Twitter ID caching.

User impactPast source history and configuration can influence future digest ranking, deduplication, and health warnings.

RecommendationInspect or clear `~/.sec-daily-digest` when needed, and use `SEC_DAILY_DIGEST_HOME` to isolate state for different projects.