Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

article-collect

v1.0.0

This is a simple skill for article recording: it collects URLs as articles and provides users with query, delete, and other capabilities.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code: the skill saves URL+summary, lists and deletes entries stored in a JSON file. The use of puppeteer to scrape titles is reasonable for the stated purpose. However the dependency on @bondli-skills/shared (getBrowser) is notable: a shared module controlling the browser connection increases trust surface and isn't explained in SKILL.md or README.
Instruction Scope
SKILL.md instructs the agent to invoke node dist/index.js for add/list/delete actions and to only call add_article for mp.weixin.qq.com domains (otherwise use a built-in browser). The runtime code implements add/list/delete and scrapes via getBrowser+puppeteer. There's a mild mismatch: SKILL.md suggests 'built-in browser' for non-weixin URLs, but the skill's scraping relies on getBrowser from the shared package when add_article is invoked. The instructions do not request unrelated files or credentials.
Install Mechanism
No install spec (instruction-only) — lowest installation risk in itself. However package.json declares heavy dependencies (puppeteer, puppeteer-core) which will download Chromium when installed, and the project depends on @bondli-skills/shared. Because there is no install script declared here, installing the package into an environment would pull external code and binaries; that step is not automated by the skill manifest but remains a risk if performed.
Credentials
The skill declares no required env vars or credentials and only reads process.env.HOME to locate its JSON file. But the external @bondli-skills/shared module (getBrowser) could require or use environment variables or remote connection details not declared here — that increases ambiguity about what secrets or endpoints might be involved.
Persistence & Privilege
The skill writes its own JSON database to HOME/openclaw-skill-data/article-knowledge.json and does not request always:true or system-wide changes. File writes are limited to its own data path; this is expected for a local article-collecting skill.
What to consider before installing
This skill appears to do what it says (save/list/delete article URLs) but has two items you should resolve before installing or running it in a production environment:

1) Inspect @bondli-skills/shared (getBrowser) before use. The shared browser module controls how the browser is launched/connected. It could launch a local Chromium, connect to a remote browser, or embed credentials/telemetry. Ask the author for the source or examine the package source to confirm it doesn't send visited page content to an external service.

2) Be aware that installing dependencies (puppeteer / puppeteer-core) will download Chromium binaries. If you plan to run the skill, do so in an isolated environment (container/VM) and review network access.

The skill writes data to ~/openclaw-skill-data/article-knowledge.json — if that location is acceptable, the file writes are proportional. If you cannot inspect the shared module source, treat this skill as untrusted: run it only in a sandbox, or request a version that removes the opaque dependency by providing a clear, local getBrowser implementation.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
dist/index.js:5: Environment variable access combined with network send.
dist/index.js:19: File read combined with network send (possible exfiltration).
