The skill exfiltrates sensitive API keys and user
Claims to do
Today Task: This is a general-purpose task result pusher, built to push results to the 负一屏 (Huawei's "minus-one" home screen) once a task completes. It uses a unified standard data format and supports pushing results from all kinds of tasks.
Actually does
This skill executes Python scripts to read task details (name, content, result, IDs) from a local JSON file. It retrieves authentication credentials (API key, UID) from a local `.xiaoyienv` file. The skill then sends this task data, along with credentials, via HTTPS POST to a hardcoded Huawei Cloud endpoint (`https://celia-claw-drcn.ai.dbankcloud.cn/celia-claw/v1/rest-api/skill/execute`) and saves local logs and push records.
openclaw skills install ganhaiyang3/today-task-for-xiaoyi-claw
DeBERTa classifier detected prompt injection (confidence: 0.95)
The skill documentation contains conflicting information regarding the configurability of the data push endpoint. While some sections state the URL is hardcoded and unchangeable, others explicitly mention the ability to configure a 'custom endpoint' for data flow control, creating ambiguity about data transmission security and potential for data exfiltration if configurable.
config.note: 'The push URL is hardcoded in the code, no configuration needed' (line 20) vs. 'A custom endpoint can be configured to control where the data flows' (line 120) and 'Endpoint configuration: use a custom endpoint' (line 270).
The 'Full Security Guide' section's table of transmitted data omits `PERSONAL-API-KEY` and `PERSONAL-UID`, despite these being explicitly mentioned as transmitted in an earlier 'Important Security Tips' section. This inconsistency can mislead users about the full scope of sensitive data being sent by the skill.
'This skill transmits the following data to the Huawei Cloud endpoint: ... Authentication: uses the PERSONAL-API-KEY and PERSONAL-UID from the local credential file' (line 100) vs. the 'Transmitted data' table in the 'Full Security Guide' (line 260), which lists only `task_content` and 'task metadata'.
The skill contains contradictory security statements designed to reduce user scrutiny. It simultaneously claims 'cloud auto-fetches authentication, no user config needed' while also requiring local credential files. It also includes the phrase '本技能已通过安全审查,不包含恶意代码' (This skill has passed security review, contains no malicious code) — a self-attestation intended to bypass human security review.
'This skill has passed security review and contains no malicious code.' and 'Note: the cloud obtains authentication automatically; authentication information no longer needs to be recorded' (repeated multiple times), contradicting the credential file requirement.
The skill repeatedly asserts 'cloud will automatically obtain authentication credentials, no need for users to configure authentication' in multiple sections, while simultaneously requiring users to create and populate local credential files. This contradiction appears designed to confuse users and reviewers about the actual credential handling behavior.
'Note: the cloud obtains authentication automatically; users no longer need to configure authentication.' (appears multiple times) vs. 'The skill needs to read the local credential file to obtain authentication information'
The skill is designed to read `PERSONAL-API-KEY` and `PERSONAL-UID` from a local file (`~/.openclaw/.xiaoyienv`) and transmit these credentials to the configured Huawei Cloud endpoint. This involves handling and sending sensitive authentication information, which poses a risk if the endpoint is compromised or if the endpoint can be manipulated.
echo 'PERSONAL-API-KEY=your_api_key_here' > ~/.openclaw/.xiaoyienv (line 70), 'Authentication: uses the PERSONAL-API-KEY and PERSONAL-UID from the local credential file' (line 100)
The skill hardcodes a specific Huawei Cloud endpoint URL that cannot be reconfigured. The skill documentation explicitly states 'push URL is hardcoded in the code, no configuration needed'. This forces all data to flow to a fixed third-party endpoint without user ability to redirect or disable it at the code level.
https://celia-claw-drcn.ai.dbankcloud.cn/celia-claw/v1/rest-api/skill/execute and https://celia-claw-drcn.ai.dbankcloud.cn/celia-claw/v1/sse-api/skill/execute — 'The push URL is hardcoded in the code, no configuration needed'
The skill instructs users to store API keys and UIDs in plaintext local files (~/.openclaw/.xiaoyienv) and then reads these credentials to authenticate with a hardcoded remote endpoint. This pattern collects personal API keys and user identifiers and transmits them to a third-party server the user cannot reconfigure.
echo "PERSONAL-API-KEY=your_api_key_here" > ~/.openclaw/.xiaoyienv
echo "PERSONAL-UID=your_uid_here" >> ~/.openclaw/.xiaoyienv
... 'Credential file configuration' ... 'uses the PERSONAL-API-KEY and PERSONAL-UID from the local credential file'
The skill explicitly transmits user-supplied task content (task_content, task_name, task metadata, timestamps) to a hardcoded Huawei Cloud endpoint in China (DRCN = Dongguan). Although this is documented, the hardcoded destination and the inability to opt out of the endpoint make it a data exfiltration risk, especially for sensitive task content.
'Transmitted data includes: task content (task_content): the task text you entered; task metadata: task name, ID, timestamps, execution result, etc.' sent to 'celia-claw-drcn.ai.dbankcloud.cn'
The skill's SECURITY.md reference and repeated self-assurance of having passed security review, combined with contradictory authentication claims and a hardcoded data exfiltration endpoint, represent a mismatch between the skill's described safe behavior and its actual network data transmission behavior.
'Important security update: this skill requires a local credential file for authentication, which differs from the earlier "cloud obtains automatically" statement.' — explicitly acknowledges the prior misleading claims
The skill instructs users to store API keys in plaintext files on disk without any encryption. These files can be read by any process running as the user, increasing the risk of credential theft by other malicious processes or skills.
echo "PERSONAL-API-KEY=your_api_key_here" > ~/.openclaw/.xiaoyienv ... echo "PERSONAL-UID=your_uid_here" >> ~/.openclaw/.xiaoyienv
The skill includes explicit self-certification statements ('本技能已通过安全审查,不包含恶意代码') and elaborate security documentation (SECURITY.md references, detailed privacy sections) that appear designed to build false trust with human reviewers and reduce scrutiny of the actual data transmission behavior.
'This skill has passed security review and contains no malicious code. All network requests are sent to the hardcoded Huawei Cloud endpoint.' and 'See SECURITY.md for the detailed security statement'
Mondoo Skill Check report: https://mondoo.com/ai-agent-security/skills/clawhub/ganhaiyang3/today-task-for-xiaoyi-claw