by 安全扫描
OpenClaw
可疑
high confidenceThe skill's code mostly matches its described purpose (pull inbox → analyze time & compliance → push DingTalk summaries and optionally reply), but the package metadata omits several required credentials and there are implementation inconsistencies and automation risks the user should be aware of.
评估建议
This skill mostly does what it says, but there are several important surprises and things to verify before enabling it:
- Missing declared credentials: The package metadata lists no required env vars, but the code requires XG_BIZ_API_KEY (work-collab appKey) and an LLM API key (ANTHROPIC_API_KEY or MINIMAX_API_KEY). Provide only keys scoped to the needed APIs and avoid reuse of high-privilege keys.
- Outbound network activity: At runtime the skill will call the collaboration API, external LLM ...详细分析 ▾
ℹ 用途与能力
The declared functionality (fetch inbox, time extraction, compliance check, DingTalk push, optional follow‑up replies) aligns with the provided scripts and references. The skill depends on an external 'cms-auth-skills' for the appKey which is coherent for the inbox/reply API. However the registry metadata lists no required environment variables or primary credential even though the code clearly needs service API keys — this mismatch is unexpected and reduces trust in the metadata.
⚠ 指令范围
Runtime instructions and scripts perform network calls to: (1) the work-collaboration API (https://cwork-api.mediportal.com.cn/open-api) to fetch/send messages, (2) LLM endpoints (Anthropic/Minimax) for analysis, and (3) user-configured DingTalk webhooks. They read and write local configuration/state files and can perform write actions (sending reply messages). The SKILL.md claims write operations require explicit confirmation unless 'automatic mode' is enabled — but automatic mode (auto_send_inquiry=true) would permit automatic replies that send data externally. The instructions also say to obtain XG_BIZ_API_KEY from cms-auth-skills; scripts instead expect that key in environment variables. The overall runtime scope is broad (network I/O + writes) and requires the user to configure sensitive keys; be aware the skill will transmit email contents and generated replies to external endpoints.
✓ 安装机制
There is no install spec (instruction-only / code-bundled), so nothing is fetched from remote during installation. All code is included in the bundle. This minimizes supply-chain risk from an installer, but the included scripts will make outbound network requests at runtime.
⚠ 凭证需求
The registry metadata declares no required environment variables, yet the code reads multiple credentials and config entries: XG_BIZ_API_KEY (work-collaboration appKey), ANTHROPIC_API_KEY and/or MINIMAX_API_KEY (LLM API keys), optional ANTHROPIC/AnthropicBaseUrl env vars, and model selectors. It also expects a DingTalk webhook stored in the local config. These are proportionate to the stated features (fetching inbox, calling LLMs, pushing to webhook), but the omission from declared requirements is a significant inconsistency. The user should treat the LLM and app keys as sensitive (they enable outbound data transfer and billing) and confirm scopes and trust before providing them.
ℹ 持久化与权限
The skill does not request always:true and does not modify other skills. It writes state and config files inside the skill directory (e.g., .cms-log/state/personal-assistant and .personal-assistant-config.json) which is normal for this functionality. However enabling auto_send_inquiry=true will cause the skill to send replies automatically (network write actions) without interactive confirmation — this increases blast radius and should only be enabled after testing in dry-run mode.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/16
初始版本
● 无害
安装命令
点击复制官方npx clawhub@latest install cms-personal-assistant
镜像加速npx clawhub@latest install cms-personal-assistant --registry https://cn.longxiaskill.com镜像同步中