中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:20 hr ago Rescan
20 /100
daily-summary
每日工作总结自动生成。根据聊天记录和浏览器历史生成一句话工作总结,定时发送飞书。
Skill performs legitimate daily summary generation with declared browser history access; minor doc deception about Feishu sending but no actual exfiltration or malicious behavior.
Skill Namedaily-summary
Duration27.7s
Enginepi
Safe to install
Consider adding Feishu sending implementation if advertised, or update SKILL.md to match actual functionality.

Findings 2 items

Severity Finding Location
Low
Incomplete feature documentation Doc Mismatch
SKILL.md states '定时发送飞书' (scheduled Feishu sending) but scripts/generate.py only generates a summary and appends to memory file. No actual Feishu API integration is present.
每天定时发送飞书
→ Either implement Feishu sending or update SKILL.md to remove this claim
 SKILL.md:10
Low
Browser history database access Sensitive Access
Script reads Chrome/Edge History sqlite database, exposing visited URLs and page titles. Behavior is declared in SKILL.md but the scope is broad (all sites within 1 day).
shutil.copy2(history_path, temp_path)
→ Data stays local; no exfiltration observed. Consider filtering out sensitive URLs if any.
 scripts/generate.py:28
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ+WRITE ✓ Aligned main(): writes to ~/.openclaw/workspace/memory/{date}.md
Network READ READ ✓ Aligned read_browser_history(): accesses local History sqlite DB
Shell NONE NONE No subprocess execution found
Skill Invoke NONE NONE No cross-skill invocations

File Tree

2 files · 5.2 KB · 197 lines
Python 1f · 138L Markdown 1f · 59L
├─ 📁 scripts
│ └─ 🐍 generate.py Python 138L · 4.0 KB
└─ 📝 SKILL.md Markdown 59L · 1.3 KB

Security Positives

✓ No subprocess or shell execution
✓ No credential harvesting or environment variable enumeration
✓ No base64 encoding or obfuscation
✓ No network requests to external IPs
✓ No suspicious file operations beyond declared memory access
✓ Clean Python implementation with proper error handling
✓ Browser history access properly scoped and declared