daily-review-helper Security Report — Trusted | ClawSafe

5 /100

daily-review-helper

定时回顾更新助手。定时（中午 12 点、晚上 23:50）自动回顾今日工作，查漏补缺，更新记忆和知识库。

This is a legitimate daily review helper skill that performs scheduled workspace analysis, memory updates, and git operations as documented in SKILL.md. No malicious behavior detected.

Skill Namedaily-review-helper

Duration37.9s

Enginepi

✓

Safe to install

This skill is safe to use. The implementation matches the documentation. No security concerns require action.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:29 '更新 MEMORY.md'; scripts/memory-updater.sh:60-90 creates/writes memor…
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:23 'Crontab 自动触发'; scripts/install.sh:40-50 modifies crontab
Network	`NONE`	`NONE`	—	No network requests found in any script
Environment	`NONE`	`NONE`	—	Only uses WORKSPACE env var, no credential access
Skill Invoke	`NONE`	`NONE`	—	No skill_invoke usage
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser access
Database	`NONE`	`NONE`	—	No database access

1 findings

🔗

Medium External URL 外部 URL

https://clawhub.com/skills/daily-review-helper

package.json:25

File Tree

11 files · 42.0 KB · 1364 lines

Shell 6f · 1036L Markdown 2f · 250L JSON 3f · 78L

├─ ▾ 📁 config

│ └─ 🔑 config.json ⚠ JSON 15L · 314 B

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 config

│ │ └─ 🔑 config.json ⚠ JSON 15L · 339 B

│ ├─ 🔧 gap-analyzer.sh Shell 222L · 6.8 KB

│ ├─ 🔧 install.sh Shell 97L · 4.3 KB

│ ├─ 🔧 knowledge-updater.sh Shell 172L · 5.5 KB

│ ├─ 🔧 memory-updater.sh Shell 183L · 4.9 KB

│ └─ 🔧 uninstall.sh Shell 66L · 3.0 KB

├─ 📋 package.json JSON 48L · 1.3 KB

├─ 📝 README.md Markdown 116L · 2.7 KB

├─ 📝 SKILL.md Markdown 134L · 3.4 KB

└─ 🔧 skill.sh Shell 296L · 9.4 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`git`	`any`	system	No	Required for git operations, declared in SKILL.md
`crontab`	`any`	system	No	Required for scheduling, declared in SKILL.md

Security Positives

✓ Documentation fully matches implementation - all declared features are present

✓ No credential harvesting or sensitive file access (no ~/.ssh, ~/.aws, .env access)

✓ No data exfiltration or external network requests detected

✓ No obfuscation techniques (no base64, eval, or suspicious encoding)

✓ No reverse shell, C2, or remote execution payloads

✓ Crontab and git operations are explicitly documented in SKILL.md

✓ Uses version pinning where applicable (openclaw: >=1.0.0 in package.json)

✓ Clean, well-structured bash scripts with proper error handling (set -e)

✓ MIT licensed with clear attribution to 思捷娅科技 (SJYKJ)

Scan Report

File Tree

Dependencies 2 items

Security Positives