v1.0.0

头条文章阅读

ReviewClawScan verdict for this skill. Analyzed May 3, 2026, 12:57 AM.

Analysis

The skill mostly matches its article-reading purpose, but it has unsafe handling around arbitrary web pages and HTML export that users should review before installing.

GuidanceReview before installing. Use it only for links you trust, avoid HTML export from untrusted pages until output escaping is fixed, clear the local cache when reading sensitive material, and install Playwright/Chromium dependencies only from trusted sources.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution

SeverityMediumConfidenceHighStatusConcern

scripts/exporter.py

<title>{data.get('title', '无标题')}</title> ... {data.get('content', '').replace(chr(10), '<br>')}

HTML export interpolates article-derived title/content directly into an HTML file without HTML escaping. A malicious page could place HTML/script-like text in extracted fields that may execute if the exported file is opened.

User impactOpening an exported HTML article from an untrusted page could run unexpected script or display manipulated local content.

RecommendationEscape all article-derived fields with an HTML escaping library before writing HTML, or disable HTML export for untrusted sources.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

scripts/read_article.py

args=[
                        '--no-sandbox',
                        '--disable-dev-shm-usage',
                        '--disable-gpu',
                        '--disable-extensions',
                    ] ... response = self.page.goto(url, wait_until='domcontentloaded')

The skill loads the supplied URL in Chromium while explicitly disabling the browser sandbox. This is risky for a tool intended to visit arbitrary article pages.

User impactA malicious webpage would have a weaker browser isolation boundary if it triggered a browser exploit during article reading.

RecommendationAvoid '--no-sandbox' by default, restrict accepted URLs to http/https and expected domains where possible, and run the browser in a container or other sandbox if broad URL support is required.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

README.md

pip install playwright beautifulsoup4
   playwright install chromium

The skill requires external Python packages and a Chromium browser download even though the registry lists no install spec. This is purpose-aligned for Playwright automation but should be installed from trusted sources.

User impactInstalling the skill may download and run third-party browser automation components.

RecommendationInstall dependencies from trusted package repositories, prefer pinned versions, and verify the downloaded browser/dependencies before use.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

scripts/cache.py

cache_dir = Path(__file__).parent.parent / '.cache' ... self.cache_file = self.cache_dir / 'cache.json' ... 'url': url,
            'data': data

The cache stores article URLs and extracted article data locally in .cache/cache.json for later reuse.

User impactArticle history and extracted content may remain on disk and be reused on later runs, which could expose or replay stale content.

RecommendationClear the cache when reading sensitive links, document the cache location clearly, and consider per-user cache isolation or an option to disable caching by default.