Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Founder-HongYun Editor Automation
v0.1.9方正鸿云学术出版平台自动化技能。使用 browser 工具处理登录和页面交互,API 调用使用 browser.evaluate() 执行。触发关键词:登录方正鸿云、切换刊物、自动催修、自动催审、催审第 X 条、鸿云任务提醒、自动填写送审单、自动注册 DOI、获取登录 Cookie、调用获取刊物信息接口、调用获取...
⭐ 0· 151·0 current·0 all-time
by@behurry
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill declares browser automation for the Founder 鸿云 platform and optional WeChat publishing; those capabilities legitimately need browser access and, for the author, a way to call WeChat APIs. However the manifest grants exec permission (shell access) which is broader than the stated single-use curl to api.weixin.qq.com. Exec can run arbitrary commands; the README asserts a narrow use but cannot enforce it.
Instruction Scope
SKILL.md instructs the agent to extract and reuse login cookies (founder_cookie) from the browser session and to run browser.evaluate() for fetch calls. As an instruction-only skill there is no code to audit; the document relies on the implementer to obey domain-limiting rules. The skill claims it will only call the platform and api.weixin.qq.com, but browser.evaluate() and exec both can be used to call arbitrary endpoints or exfiltrate data if the runtime or skill author deviates from the doc.
Install Mechanism
No install script or external downloads — instruction-only skill. This minimizes the risk of hidden binaries being written to disk.
Credentials
No required environment variables; optional WECHAT_APP_ID/SECRET are reasonable for WeChat publishing. However the skill expects users or the agent to provide platform credentials or the skill to extract cookies from the browser session. Asking users to input credentials at runtime is safer than hardcoding, but the skill's ability to read cookies combined with exec/browser permissions increases the blast radius if misused.
Persistence & Privilege
always=false and autonomous invocation is the platform default. The skill does not request persistent/always-on presence. The declared permissions include exec and browser which are needed for functionality but are powerful; the SKILL.md promises only session-scoped cookie storage, but as an instruction-only package there is no enforcement of that promise.
What to consider before installing
This skill appears to be coherent with its stated purpose (automating a web editor plus optional WeChat publishing), but it relies on programmatic self-restraint rather than enforceable controls. Key risks: the manifest grants exec (shell) access and browser.evaluate() usage, both of which could be abused to exfiltrate cookies, credentials, or call arbitrary endpoints despite the README claiming otherwise. Before installing or using: 1) Only install from a trusted source; verify the actual published code repository if available. 2) Avoid setting persistent FOUNDER_USERNAME/FOUNDER_PASSWORD env vars—use interactive login. 3) Prefer not to provide WECHAT_APP_SECRET as a long-lived env var unless necessary; use scoped credentials and rotate/revoke after testing. 4) If possible, remove/deny exec permission or run the skill in a tightly sandboxed environment (no network egress except the platform and wechat API). 5) During first runs, monitor Browser DevTools Network tab and system process activity to ensure requests and shell calls are limited to the declared domains. 6) If you cannot audit the implementation or control exec rights, treat this skill as higher risk and consider not installing it.Like a lobster shell, security has layers — review code before you run it.
DOI-registrationvk9731neshnpm0y3s9qfnn1vcd5834naeFoundervk9731neshnpm0y3s9qfnn1vcd5834naeHongyunvk9731neshnpm0y3s9qfnn1vcd5834naeacademic-publishingvk9731neshnpm0y3s9qfnn1vcd5834naejournal-editingvk9731neshnpm0y3s9qfnn1vcd5834naelatestvk9731neshnpm0y3s9qfnn1vcd5834nae
License
MIT-0
Free to use, modify, and redistribute. No attribution required.