Bear Blog Publisher
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its blog-publishing purpose, but it needs review because it handles passwords, has a hardcoded Bear Blog account path for image uploads, and makes inconsistent claims about credential storage.
Before installing, confirm the target Bear Blog account/slug behavior, avoid storing your Bear Blog password in plaintext config if possible, review generated posts before publishing, and only enable Playwright-based diagrams or AI generation if you accept the external dependencies and provider data sharing.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: Image uploads could fail, target the wrong Bear Blog namespace, or otherwise use the user's account session in a way that is not clearly tied to their intended blog.
Description: The skill logs in with the user's Bear Blog credentials, then targets a hardcoded /cattalk/ dashboard path for image uploads instead of clearly scoping the action to the authenticated user's own blog.
Evidence: login_data = {'login': self.email, 'password': self.password, ...}; upload_url = "https://bearblog.dev/cattalk/dashboard/upload-image/"
Recommendation: Derive the upload/posting URLs from the authenticated user's account, or require the user to configure and confirm the target Bear Blog slug before any upload or publish action.

Finding 2
Impact: A user may store a Bear Blog password on disk while believing the skill only keeps credentials in memory.
Description: The README both instructs users to store a password in an OpenClaw config file and claims there is no persistent credential storage, which can mislead users about password persistence.
Evidence: Edit `~/.openclaw/openclaw.json` ... "password": "yourpassword" ... "No persistent credential storage" - credentials only exist in memory during execution
Recommendation: Correct the documentation to state clearly that the config-file method persists a plaintext password, and prefer environment variables or a secrets manager.

Finding 3
Impact: If invoked imprecisely, the agent may publish content before the user has reviewed the final text.
Description: The skill can directly publish AI-generated content to a public blogging platform. This is purpose-aligned, but it is a high-impact external mutation.
Evidence: You: "Write and publish a blog about Python asyncio" AI: [Generates content with OpenAI, publishes]
Recommendation: Ask the agent to draft first, review the content, then give an explicit publish command.

Finding 4
Impact: Installing or enabling diagram generation may download and run a large browser dependency.
Description: The package metadata declares Python dependencies and a Chromium browser download for Playwright. This fits diagram generation, but it is extra install-time behavior users should notice.
Evidence: "python": ["requests", "playwright"], "command": "playwright install chromium"
Recommendation: Install only from a trusted source, review dependency versions, and skip diagram generation if Playwright/Chromium is not acceptable.

Finding 5
Impact: Rendering untrusted HTML or running in a shared environment would carry more risk than normal markdown publishing.
Description: The skill runs Chromium via Playwright with reduced sandboxing for diagram rendering. This is disclosed and purpose-aligned, but it is still local browser execution.
Evidence: `--no-sandbox` Flag ... Risk: Slightly reduced browser isolation ... Only used for local HTML-to-image conversion
Recommendation: Use diagram generation only with trusted diagram content and avoid running it in sensitive shared environments.

Finding 6
Impact: Topics or draft details sent for AI generation leave the local environment and go to the selected provider.
Description: Optional AI generation sends the user's topic/prompt to OpenAI or Kimi/Moonshot using the configured API key. This is disclosed and central to the optional AI feature.
Evidence: requests.post("https://api.openai.com/v1/chat/completions", ...); requests.post("https://api.moonshot.cn/v1/chat/completions", ...)
Recommendation: Do not use AI generation for private or sensitive drafts unless you are comfortable with the provider's data handling.
