Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

toutiao-publish

v1.0.0

Publishes articles in the Toutiao creator backend (头条号) using a cookie or a saved session; supports title, body and images, plus docx import from a fixed directory. Invoke it when the user wants to auto-publish Toutiao articles, passes in cookie_header, or asks to publish via the docx workflow.

0 · 102 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (publish to Toutiao using cookie or saved session, support docx import) matches the runtime steps. However the SKILL.md assumes a preinstalled project at /home/ubuntu/projects/toutiao_poster with a .venv and specific artifact directories; the registry metadata declares no install steps or required env vars — so the skill will only work where that exact layout exists. This is plausible for a private server deployment but is an undeclared dependency.
Instruction Scope (flagged)
The instructions tell the agent to cd into a fixed path and run a local Python module, read and upload images/docx from specific absolute directories, archive files to done/, and save screenshots to artifacts/. Those file I/O and move operations are all within the posting workflow, but the doc explicitly references environment variables (TOUTIAO_COOKIE, TOUTIAO_IMAGE_DIR) and saved session files that are not listed in metadata. The SKILL.md also assumes headless automation and clicking UI elements — this requires the host to have the necessary runtime and credentials.
Install Mechanism
This is an instruction-only skill with no install spec or code. That limits supply-chain risk (nothing is downloaded by the skill), but it shifts risk to assumptions about a preinstalled project and environment which are undocumented.
Credentials (flagged)
Metadata lists no required env vars, but SKILL.md uses TOUTIAO_COOKIE (sensitive browser cookie string) and optionally TOUTIAO_IMAGE_DIR. Asking users to supply browser cookies is expected for session-based posting, but the mismatch between declared requirements and the actual sensitive inputs is an incoherence to surface: the skill can cause sensitive cookie data to be used and transmitted by the local script, and it will read/move files under several absolute paths.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It will perform local file operations (moving posted images/docx to done/ and writing screenshots in artifacts/), which is expected behavior for this tool but means it needs filesystem privileges in those directories. No elevated platform privileges are requested via metadata.
What to consider before installing
Before installing or using this skill:
1) Confirm you actually have the project at /home/ubuntu/projects/toutiao_poster (or adjust paths) and a working .venv; this skill has no installer.
2) Treat TOUTIAO_COOKIE as a secret: only provide cookies you control and understand that the local script will use them to authenticate; do not paste production account cookies unless you trust the host.
3) Verify and restrict file permissions on the image/docx/artifacts directories; the script will read, upload, and move files there.
4) Ask the publisher for the source code or a homepage and installation instructions so you can audit what the Python module does (network calls, logging, error handling).
5) If you plan to run this in a different environment, update the SKILL.md paths and document the required env vars (TOUTIAO_COOKIE, TOUTIAO_IMAGE_DIR) so requirements and metadata match.
If you cannot verify the above, avoid providing cookies or running this skill on sensitive accounts.


latest: vk976zrf0331zzs65qvz12vfps983w8r4

