Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Doubao Web Image

v1.0.0

Use Playwright to host a browser and call Doubao Web's image generation function. Call this skill when the user requests to draw or generate an image using D...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included code: the project uses Playwright to automate Doubao Web image generation and saves a local login session. That capability is coherent for the stated purpose. However the README/SKILL.md explicitly states the tool is intended to "perfectly bypass `a_bogus` signature risk control", which indicates an intentional effort to evade platform protections rather than merely integrate with the service.
Instruction Scope
SKILL.md instructs the agent to run a local npx ts-node command and to execute it in headless background mode; it even contains a hardcoded absolute path (/Users/pengjianfang/skills/...), which is environment-specific and incorrect for most users. The instructions also direct the skill to persist login cookies to ~/.doubao-web-session and reopen UI on CAPTCHA — this is expected for automation but expands scope to read/write persistent session files and trigger UI popups. The combination of stealth/headless operation + saved login state + explicit bypassing intent is concerning from an abuse/terms-of-service perspective.
Install Mechanism
There is no formal install spec in the registry entry (instruction-only) but the package includes package.json and package-lock with dependencies (playwright, ts-node, typescript, etc.). Using this skill will require installing Node dependencies and Playwright browser binaries (potentially via npx playwright install chromium). That is expected but nontrivial — the skill will cause large packages and browser binaries to be installed locally.
Credentials
The skill does not request environment variables or external credentials. It writes a session directory in the user's home (~/.doubao-web-session) and creates debug screenshots in the working directory; these filesystem actions are proportional to a browser-automation login flow but do persist authentication state locally (cookie/session storage).
Persistence & Privilege
always: false (no forced global presence). The skill persists login state in ~/.doubao-web-session and may re-open UI for manual CAPTCHA resolution. Persisting session files is reasonable for the feature, but combined with headless automation and explicit bypass language it increases blast radius if misused. The skill does not appear to modify other skills or global agent configuration.
What to consider before installing
This skill appears to implement Playwright automation to drive Doubao Web and persist your login session locally. Before installing or running it:
- Understand it will store login cookies in ~/.doubao-web-session and may reuse your real account — consider using a throwaway account or isolated VM/container.
- The SKILL.md contains an absolute, user-specific path (/Users/pengjianfang/...) — update it to a valid path or run the script from the project directory instead of blindly executing that path.
- The code intentionally uses stealth options and claims to bypass platform risk controls; that may violate Doubao/ByteDance terms and could lead to account restrictions or legal/ToS issues. Consider the policy/ethics risk before using.
- Installing will pull Playwright and a browser binary (large), and the script may pop up UI for manual CAPTCHA handling; run in a sandbox if you are unsure.
- If you proceed, review the full client.ts (esp. any network/download logic and where it sends data), and run it with caution (offline review, limited account, or containerized environment).

Like a lobster shell, security has layers — review code before you run it.
