Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Topic Scout
v1.0.0AI短视频选题追踪系统。自动抓取指定YouTube博主视频和Twitter博主推文,分析内容,聚合跨平台热点主题,生成带热度评分和选题建议的分析报告,结果写入钉钉AI表格。适用于:定时抓取AI领域博主内容、分析短视频选题热度、跨平台话题聚合、生成选题建议。触发词:"抓取选题"、"分析选题"、"选题scout"、"...
⭐ 0· 440·4 current·4 all-time
byAlex Yang@agegr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the actions in SKILL.md: it fetches YouTube and X/Twitter content (yt-dlp, bird) and writes to DingTalk AI tables (mcporter / dingtalk-ai-table). The declared dependencies (bird, yt-dlp, mcporter) are appropriate for the described functionality; installing related skills via clawhub is also consistent.
Instruction Scope
Instructions are concrete and confined to fetching content, summarizing, aggregating and writing records to a DingTalk AI table. They instruct reading the local references/config.json and running CLI calls. However, the runtime steps require obtaining X/Twitter cookies (auth_token and ct0) from the browser and registering a DingTalk MCP Streamable HTTP URL — both are sensitive and not declared as required secrets. The SKILL.md does not instruct the agent to exfiltrate data to unknown endpoints, but it does rely on user-supplied tokens and an MCP URL that could point to an external service.
Install Mechanism
No formal install spec in the package (instruction-only). SKILL.md directs npm -g installs (mcporter, bird, clawhub) and pip install (yt-dlp) — these are standard package registry installs (npm/pypi). Global installs require elevated privileges and pollute system PATH; they are expected for CLI tooling but carry the usual supply-chain risk of npm/pip packages. There are no arbitrary downloads from obscure URLs in the install instructions.
Credentials
The registry metadata declares no required environment variables or primary credential, yet the runtime instructions explicitly require: (1) a DingTalk MCP Streamable HTTP URL to register with mcporter, and (2) Twitter/X browser cookies (auth_token and ct0) to fetch tweets via bird. These are effectively credentials but are not declared. The skill also instructs writing tokens into ~/.config/bird/config.json5 or passing them as CLI args; that handling is sensitive and should be acknowledged in metadata.
Persistence & Privilege
The skill is instruction-only, always:false, and user-invocable; it does not request permanent inclusion or system-wide config modifications beyond creating/saving its own references/config.json. It does recommend installing other skills via clawhub, which will change the agent environment, but this is within the expected scope for a skill that coordinates other tools.
What to consider before installing
This skill is coherent with its stated purpose, but pay attention to two practical security issues before installing:
1) Credentials not declared: The instructions require a DingTalk MCP Server Streamable HTTP URL and X/Twitter cookies (auth_token and ct0). These are sensitive credentials but the skill metadata does not declare them. Only provide them if you trust the skill and the environment where mcporter will send data.
2) Cookie-based Twitter auth: Extracting auth_token and ct0 from your browser is sensitive—these cookies grant access tied to your account. Prefer using a proper API token/session mechanism (if available), store tokens securely (not world-readable files), and avoid reusing personal account cookies on shared/dedicated servers.
3) Global installs & supply-chain: The skill asks you to npm -g / pip install several CLIs and to clawhub-install other skills. Review the npm/pypi packages (mcporter, @steipete/bird, yt-dlp, clawhub) and consider installing in a controlled environment (virtualenv, container, or dedicated VM) to limit blast radius.
4) Verify MCP endpoint: The mcporter registration requires you to provide the MCP Server URL — confirm this endpoint is a trusted DingTalk MCP server for your org and not a third-party capture endpoint.
If you want to proceed: run the installs in an isolated environment, avoid exposing your main browser cookies (create a dedicated account or use API credentials), and verify the npm/pip packages' sources and versions. If you want, I can list the exact places where credentials are used in the workflow and suggest safer alternatives (OAuth, read-only service accounts, or rotating tokens).Like a lobster shell, security has layers — review code before you run it.
latestvk9786b0afess4chypp8jeetc5x82pvwn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.