Skillv1.0.1

ClawScan security

Echo Seed · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 7, 2026, 2:03 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches an idea-capture app but contains multiple inconsistencies (hardcoded/incorrect config usage, writes to the agent's workspace DB, disabled TLS verification, and mismatched filenames) that increase risk and warrant review before installing.
Guidance: This package appears to implement the advertised idea-capture features, but there are several red flags you should address before installing or running it: - Config vs code mismatch: The docs say to use config.yaml and environment variables, but the code uses hardcoded placeholder constants (NOTION_API_KEY, XIAOXIAOZHAO_CONFIG) and different file locations. Confirm where credentials must go and prefer environment variables over editing source files. - Storage location: db_helper stores the SQLite DB in ~/.openclaw/workspace/memory/capsules.db (agent workspace). That means the skill will read/write data in your agent's memory area rather than a project-local data/ directory. If you don't want cross-contamination, change DB_PATH to a project-local path before running. - Network endpoints: The code calls api.minimaxi.com and gateway.maton.ai rather than the public Notion/Google endpoints. Verify those endpoints are expected and trustworthy for your usage; do not provide real API keys until you confirm. - TLS verification disabled: fetch_url_content uses requests.get(..., verify=False) which will ignore HTTPS certificate validation — risky for fetching external URLs. Consider enabling certificate verification. - Missing/inconsistent files and imports: echo-telegram-bot imports echo_telegram (module not present in the manifest) and some code paths reuse the wrong API keys (Google Calendar POST uses NOTION_API_KEY). Expect to need code fixes before reliable use. - Automatic AI/calendar sync: The design triggers AI analysis automatically on creation and may auto-sync detected todos to calendars. If you do not want automatic outbound requests or calendar writes, disable those features or run the service offline. Recommendations: inspect and modify the source before running — move DB to a local path, fix configuration to accept env vars, enable TLS verification, verify external endpoints, and test in an isolated environment (container/VM) with dummy API keys. If you are not comfortable auditing the code, avoid providing real secrets and do not run it against production accounts.

Review Dimensions

Purpose & Capability: noteName/description (idea capture + optional AI/Notion/Calendar/Telegram sync) generally align with the included code (web UI, Telegram bot, AI service). However there are mismatches: SKILL.md/project docs describe config.yaml and data/echo.db, while db_helper uses ~/.openclaw/workspace/memory/capsules.db (agent memory path). External gateway endpoints (gateway.maton.ai, api.minimaxi.com) are used instead of direct Notion/Google endpoints which is unexpected and not documented clearly.
Instruction Scope: concernRuntime instructions and files direct the agent to run local Python servers and perform network calls, fetch webpages, and automatically trigger AI analysis and calendar sync. The code writes into the agent workspace DB path and log/queue files, and fetch_url_content disables TLS verification (verify=False). SKILL.md suggests configuring via config.yaml/env vars, but scripts mostly use hardcoded placeholders/constants, meaning behavior depends on editing files rather than explicit configuration — granting the skill broader filesystem and network reach than the SKILL.md declares.
Install Mechanism: okNo heavy install mechanism is included; SKILL.md lists a simple pip install (Flask, requests). This is proportionate to a Python Flask app and low risk compared to download-and-extract installs.
Credentials: concernRegistry metadata declares no required env vars, but the code expects API keys and uses constants (XIAOXIAOZHAO_CONFIG['api_key'], NOTION_API_KEY) and a config.yaml is suggested in docs. The skill also writes to the agent's OpenClaw workspace DB (~/.openclaw/.../capsules.db), which may hold other agent data — a higher-privilege storage location than a project-local data/ directory. The Notion and Google Calendar calls reuse NOTION_API_KEY for Google requests (bug/incoherent). Required credentials for external services are not clearly or safely handled.
Persistence & Privilege: concernalways is false, but the code will create/modify a database in the agent's workspace (~/.openclaw/...), and write log/queue files in the project/logs directory. Writing into the agent memory path is notable because it can persist data in the agent's storage area (broader scope than a local data/ folder). The skill does not declare or limit that behavior.