ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bearblog

v1.0.1

Create and manage blog posts on Bear Blog (bearblog.dev). Supports extended Markdown, custom attributes, and browser-based publishing.

0· 2.3k·1 current·1 all-time
byAzade 🐐@azade-c
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Bear Blog post management) matches the declared requirement (browser.enabled) and the SKILL.md instructions. No unrelated environment variables, binaries, or installs are requested — the browser-driven automation is appropriate for this task.
Instruction Scope
Instructions are focused on navigating bearblog.dev, filling the header/content fields, and publishing. The examples sometimes use 'evaluate' to run JS in the page (e.g., reading header/body, overriding window.confirm, clicking buttons). Running JS in the authenticated browser session is necessary for certain actions (delete, read DOM), but it is sensitive because it runs arbitrary code in the context of the logged-in session and can read or act as that session. The instructions do not direct reading local files, environment variables, or transmitting unrelated data to external endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — minimal risk from installation (nothing is written to disk).
Credentials
The skill requests only browser.enabled (a Clawdbot/browser tool config) and expects an authenticated browser session (cookies). It does not request API keys, tokens, or unrelated credentials; access to session cookies is inherent to operating the blog and is proportionate to the purpose.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent platform presence or modification of other skills or system settings.
Assessment
This skill automates actions using your browser session — it can read and act as whatever account is logged in. Before enabling it: (1) confirm you want the agent to use your logged-in Bear Blog session/cookies, (2) review and test on a disposable or draft blog account if possible, and (3) be mindful that 'evaluate' steps execute arbitrary JavaScript in the page context (required for some actions like delete), so only use the skill with sites/accounts you trust. No external credentials or installs are requested by the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d7jsyjbbed30kbf3cqk3se180da6c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐻 Clawdis
Configbrowser.enabled

Comments