ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Csdn Publisher

v2.3.0

写文章并发布到 CSDN。使用浏览器自动化 + 扫码登录。支持通过 Telegram 发送二维码,无需 VNC。集成 blog-writer 写作方法论,产出高质量、有个人风格的技术文章。

2· 2.1k·5 current·5 all-time
by@c4chuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's files and SKILL.md align with the stated purpose (writing + publishing to CSDN, QR login, optional Telegram notifications, Notion-based news dedup). However the registry metadata declares no required env vars/credentials while the code and scripts clearly expect Notion API credentials, a Telegram bot token/chat_id config file, and access to the OpenClaw workspace for storing cookies. That mismatch is incoherent.
!
Instruction Scope
Runtime instructions tell the agent to install Chrome, set gateway browser config to headless/noSandbox, run Playwright and node scripts, capture and save QR images and cookies to ~/.openclaw/workspace/credentials, call local CDP endpoints, and optionally send Telegram notifications. The skill also uses Notion querying scripts that send data to api.notion.com. These actions read/write sensitive data (cookies, Telegram config, Notion keys) and require modifying platform/browser config; the SKILL.md does not surface all required credentials or clearly limit where they are stored/transmitted.
Install Mechanism
There is no formal install spec (instruction-only), but SKILL.md instructs downloading Chrome from Google's official host (dl.google.com), installing pip packages (playwright) and npm ws, and running playwright install chromium. These are standard but involve network installs (PyPI/npm) and binary install via package manager. No obscure or shortened URLs are used in the provided scripts.
!
Credentials
The registry lists no required env vars, yet scripts expect/consume: NOTION_KEY and NOTION_DATABASE_ID (notion scripts), a Telegram config JSON containing bot_token and chat_id (login.py), proxy defaults (http(s)_proxy pointing at 127.0.0.1:20171), and will save browser storage_state/cookies to ~/.openclaw/workspace/credentials (sensitive session tokens). Requiring and storing CSDN cookies is proportionate to performing automated logins, but the fact these credentials are not declared in metadata is an incoherence and a privacy/security risk.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills. However SKILL.md instructs operators to change the gateway/browser config (headless + noSandbox) which weakens browser sandboxing. The skill stores cookies and can persist session tokens under the workspace — expected for this use case but sensitive. Autonomous invocation is allowed by default (normal) and combined with undeclared credential access increases risk.
What to consider before installing
This skill appears to implement CSDN publishing as described, but be cautious before installing or running it: - Metadata omission: The registry metadata declares no required env vars, yet the scripts expect Notion API keys (NOTION_KEY, NOTION_DATABASE_ID), a Telegram config file with bot_token/chat_id, and will write CSDN cookies into ~/.openclaw/workspace/credentials. Ask the publisher to declare these requirements explicitly or do not run until you understand them. - Sensitive artifacts: The skill saves browser storage_state/cookies (session tokens) to your workspace. If compromised, those cookies could let others act as your CSDN account. Store them in a restricted location, use a throwaway/test account where possible, and inspect the cookie file format before sharing. - Headless + noSandbox: The instructions recommend running Chrome with --no-sandbox. That reduces process isolation and increases risk if untrusted pages are opened. Prefer running in a properly sandboxed environment or isolate this skill on a dedicated VM/container. - Network & proxy defaults: Scripts default to a local proxy (http://127.0.0.1:20171). Ensure you understand what that proxy is and control it; otherwise outgoing traffic may be routed unexpectedly. Notion and Telegram calls go to external APIs (api.notion.com, api.telegram.org). - Supply-chain & installs: The skill runs pip/npm installs and downloads Chrome. Review the exact commands and run installs in an isolated environment to reduce supply-chain risk. - Audit the code: Review login.py and inject-content.js — they perform browser automation, CDP connections, and saving of credentials. Ensure you trust these operations and the repository source. If you plan to use Notion deduplication or Telegram notifications, supply those secrets only after reviewing and limiting their scope (use dedicated service tokens with least privilege). - Safer alternatives: If you only want local drafting or manual publishing, avoid enabling the login automation and CDP injection; instead export drafts to markdown and publish manually. If you want to proceed, request that the publisher update package metadata to list all required env vars and data paths, and consider running the skill inside a restricted container with network controls and a dedicated account.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bfd6b4jp11dv53v9hzedscn814rsg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments