Scan Report
5 /100
wanderclaw
AI knowledge exploration partner - a lobster that roams the internet finding interesting content and delivering it as postcards
WanderClaw is a legitimate AI content discovery agent that searches the web for interesting articles and delivers them as postcards. All functionality is documented, no credential harvesting or exfiltration detected.
Safe to install
No action needed. The skill is safe to use.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Info | External URLs are legitimate content sources | references/sources.yaml:1 |
| Info | Shell scripts serve documented setup purposes | scripts/setup.sh:1 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md metadata declares web_search/web_fetch tools |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md describes creating wanderclaw/ directory with state.json, postcards, an… |
| Shell | WRITE | WRITE | ✓ Aligned | scripts/setup.sh and schedule-cron.sh use mkdir, cp, openclaw cron add - all doc… |
22 findings
Medium External URL 外部 URL
https://news.ycombinator.com references/sources.yaml:15 Medium External URL 外部 URL
https://arxiv.org references/sources.yaml:21 Medium External URL 外部 URL
https://www.quantamagazine.org references/sources.yaml:27 Medium External URL 外部 URL
https://www.technologyreview.com references/sources.yaml:33 Medium External URL 外部 URL
http://paulgraham.com/articles.html references/sources.yaml:46 Medium External URL 外部 URL
https://collabfund.com/blog references/sources.yaml:52 Medium External URL 外部 URL
https://a16z.com references/sources.yaml:58 Medium External URL 外部 URL
https://sspai.com references/sources.yaml:65 Medium External URL 外部 URL
https://www.huxiu.com references/sources.yaml:71 Medium External URL 外部 URL
https://www.nature.com/news references/sources.yaml:78 Medium External URL 外部 URL
https://nautil.us references/sources.yaml:84 Medium External URL 外部 URL
https://scholar.google.com references/sources.yaml:97 Medium External URL 外部 URL
https://www.semanticscholar.org references/sources.yaml:103 Medium External URL 外部 URL
https://reddit.com/r/MachineLearning references/sources.yaml:110 Medium External URL 外部 URL
https://reddit.com/r/science references/sources.yaml:116 Medium External URL 外部 URL
https://reddit.com/r/technology references/sources.yaml:122 Medium External URL 外部 URL
https://reddit.com/r/todayilearned references/sources.yaml:128 Medium External URL 外部 URL
https://www.producthunt.com references/sources.yaml:134 Medium External URL 外部 URL
https://waitbutwhy.com references/sources.yaml:141 Medium External URL 外部 URL
https://www.astralcodexten.com references/sources.yaml:147 Medium External URL 外部 URL
https://thebrowser.com references/sources.yaml:153 Medium External URL 外部 URL
https://news.ycombinator.com/show references/sources.yaml:184 File Tree
10 files · 51.0 KB · 1492 lines Markdown 5f · 1083L
YAML 1f · 213L
Shell 2f · 175L
JSON 2f · 21L
├─
▾
assets
│ ├─
interest-graph.json
JSON
│ └─
state.json
JSON
├─
▾
references
│ ├─
EXPLORER.md
Markdown
│ ├─
postcard-format.md
Markdown
│ ├─
SOUL.md
Markdown
│ └─
sources.yaml
YAML
├─
▾
scripts
│ ├─
schedule-cron.sh
Shell
│ └─
setup.sh
Shell
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Comprehensive SKILL.md with detailed behavior documentation (270 lines)
✓ No credential harvesting - does not access ~/.ssh, ~/.aws, .env, or similar sensitive paths
✓ No data exfiltration - no POST requests to external servers
✓ No encoded payloads (base64, eval, atob) or suspicious patterns
✓ All shell operations are documented and serve the stated purpose
✓ No external dependencies (no package.json/requirements.txt) - pure shell/markdown implementation
✓ Local data storage contained within workspace directory
✓ Clear separation between search tool fallback strategies and actual execution