ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SeedDrop

v1.0.4

Community engagement assistant that monitors platforms, generates valuable replies referencing your product naturally, and supports approve or auto modes.

0· 161·0 current·0 all-time
byLIU@2019-02-18
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's purpose (monitoring and drafting replies) matches the included scripts (monitor, scorer, responder, auth-bridge, adapters). HOWEVER the registry metadata claims no required binaries/credentials while the package manifests and SKILL.md clearly require node/npx/tsx, a headless browser tool, and a companion SocialVault skill. That metadata mismatch is incoherent and could mislead users about necessary privileges and dependencies.
!
Instruction Scope
The SKILL.md and scripts instruct the agent to: obtain sensitive cookies from SocialVault, inject complete cookies into a headless browser, navigate and scrape/render pages, and run local TypeScript scripts via `npx tsx`. These actions are within the stated purpose but involve handling full session cookies (e.g., z_c0, d_c0, BDUSS) which can enable account actions or takeover if mishandled. The instructions also delegate SocialVault operations to the agent (auth-bridge returns run-this-command tokens), meaning the agent will be asked to execute commands that access encrypted credentials—this is expected for the feature but high-risk.
!
Install Mechanism
There is no install spec in the registry entry, but the package contains many TypeScript scripts and a clawhub.json that declares required tools (bash, browser) and anyBins (node, npx). Running the skill requires executing local code via `npx tsx`. The absence of an explicit install step combined with executable source files means code will be run locally at runtime—verify the code and required runtime (Node/tsx) before running. No third-party download URLs were present, which reduces some installation risk.
!
Credentials
The skill requests no environment variables in registry metadata, but the runtime explicitly requires access to user session cookies for multiple platforms (SESSDATA/bili_jct, BDUSS/STOKEN, z_c0/d_c0/__zse_ck/_xsrf/SESSIONID, a1/web_session). These are highly sensitive credentials. The reliance on a separate SocialVault companion for encrypted storage is appropriate for secrecy, but the agent is instructed to export and inject full cookies into a browser context—this is proportional to automated posting but materially increases credential exposure and should only be granted if you trust both SocialVault and this skill's code.
Persistence & Privilege
The skill is not force-enabled (always: false) and uses normal autonomous invocation. It persists only to its own memory files under {baseDir}/memory (brand-profile.md, interaction-log.jsonl, performance-stats.json), and does not request system-wide configuration changes. This level of persistence is expected for its function.
Scan Findings in Context
[pre-scan-injection-none] expected: Pre-scan reported no injection signals. The lack of regex hits is not evidence of safety — the project contains many source files and explicit instructions that must be reviewed manually (not all risks show up in regex scans).
What to consider before installing
What to consider before installing: - Metadata mismatch: The registry entry claimed no required binaries/credentials, but the package and SKILL.md require Node/npx/tsx, a headless browser tool, and a companion SocialVault skill. Do not trust the 'none' metadata — confirm you have the required runtime and companion skill. - Sensitive credentials: The skill requires full session cookies for platforms (e.g., BDUSS, z_c0, d_c0, SESSDATA). Those cookies can be used to act as your account. The skill expects you to store them in SocialVault (encrypted) and to export/inject them into a browser. Only proceed if you fully trust both SocialVault and this skill's code. - Review code and adapters: The package includes many scripts and per-platform adapters. If you are not comfortable auditing them yourself, ask for an independent code review (pay attention to adapters and any network calls they make). Look for hidden remote endpoints, telemetry, or commands that exfiltrate secrets. - Run in a safe environment first: Test with dummy accounts and non-production credentials. Prefer least-privilege credentials and accounts with no payment methods tied. - Validate SocialVault: Confirm the SocialVault skill is the official/expected implementation and understand how it exports credentials to the agent. Verify encryption and access controls. - Manual approval is enforced by the skill, which reduces abuse risk, but manual review only protects the posting step — credential exposure can still occur during monitoring/fallback browser scraping. - If you are uncomfortable granting full session cookies or cannot audit the adapter code, do not install. If you proceed, restrict the skill's access (use test accounts, run in isolated environment, and monitor logs for unexpected network activity).

Like a lobster shell, security has layers — review code before you run it.

latestvk97f99sm0ahzck2e0dpxadmdnx83gas1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments