LoveClaw 八字缘分匹配：云端档案、照片、每日匹配与晚间报告。 用户唤醒：发送「启动爱情龙虾」进入报名。 安全设计：匹配运算与报告生成在 FC 服务端完成；skill 端仅做用户交互与通知路由，每个用户只能访问自己的数据。

What to check before you install 1) API token scope: Provide a minimal-scope LOVECLAW_API_TOKEN that only grants the cloud function endpoints the needed API surface (register/profile/report) — do not reuse broad cloud provider or admin credentials. Confirm where the token is provisioned and that the backend domain (default: https://loveclaw-cgbnqltfhd.cn-hangzhou.fcapp.run) is the expected service. 2) Inspect load-workspace-env.js: SKILL.md says it will only inject LOVECLAW_* and OPENCLAW_BIN (and standard proxy vars) from ~/.openclaw/workspace/.env. Open that script and verify the allowlist is implemented correctly. If you cannot verify, keep unrelated secrets out of that workspace .env. 3) Review session files the skill reads: The skill reads ~/.openclaw/workspace/skills/loveclaw/sessions.json and ~/.openclaw/agents/main/sessions/sessions.json to build routing. Ensure those files do not contain secrets you wouldn’t want read by this skill, and consider placing LoveClaw in an isolated workspace if possible. 4) Cron/job creation: The skill will call the openclaw CLI to add scheduled jobs (daily match and per-user evening reports). If you are uncomfortable with automatic cron registration, do NOT allow the agent to run those setup steps automatically — create the cron jobs yourself after review or disable cron setup in the code. 5) Media handling / local file upload: The code includes logic to parse local media attachment paths and the cloud upload functions accept base64 data; audit the remainder of cloud-handler.js (full file truncated in the manifest) to confirm it only uploads expected user-submitted temporary files and does not read arbitrary local files. 6) Third-party packages: npm install will pull many dependencies (aliyun SDK, firebase, etc.). If supply-chain risk is a concern, review package-lock.json and consider auditing or pinning versions, or install in an isolated environment. 7) Test in an isolated workspace first: Run the skill in an isolated user/workspace with a throwaway LOVECLAW_API_TOKEN to observe exactly what files it reads, what cron changes it requests, and what it sends to the remote API. What would change this assessment - If full contents of load-workspace-env.js show no proper whitelisting, or if cloud-handler.js includes code that reads arbitrary files and uploads them to the remote API, I would raise the verdict to more strongly suspicious or malicious. - If the agent sessions file parsing exposes tokens or sensitive data beyond routing metadata, or if the backend domain is unknown/untrusted, that would increase concern. Bottom line: The skill is largely coherent with the stated purpose, but it performs several broad local operations (reading agent session files, creating cron jobs, handling local media and uploads). Those behaviors are explainable for a notification router, yet they are powerful and deserve operator review and limiting the API token scope and workspace contents before trusting the skill in production.

Type: OpenClaw Skill Name: loveclaw Version: 21.21.21 The LoveClaw skill is a Bazi-based matching service that uses a remote Aliyun Function Compute (FC) backend. The code is well-structured and includes several security-conscious features, such as an environment variable allowlist in `load-workspace-env.js` to prevent the leakage of unrelated workspace secrets and path sanitization in `cloud-handler.js` when invoking the `openclaw` CLI for cron management. While `SKILL.md` contains strict instructions for the AI agent to act as a message relay, these are clearly intended to preserve the integrity of the multi-step registration state machine rather than to subvert the agent's security. Data handling (phone numbers, Bazi data, and photos) is consistent with the stated purpose of a matching application.