Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
今日头条运营助手 (Toutiao Operations Assistant)
v1.0.0 · Automates management of a Toutiao (今日头条) account: trending-topic monitoring, AI content generation, cover design, and automatic publishing. Intended for self-media creators and marketing teams.
⭐ 2 · 168 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill claims to manage Toutiao accounts, monitor multi-platform hotspots, generate content, design covers, and auto-publish — these functions are coherent for a social-media ops tool. However, publishing and browser automation legitimately require credentials and automation tooling (e.g., a browser driver), yet the registry metadata declares no required env vars, no required binaries, and no install steps. The missing declared requirements are disproportionate to the stated capabilities.
Instruction Scope
SKILL.md instructs agents to scrape/monitor multiple platforms (Weibo/抖音/知乎/头条), collect metrics, and perform browser-based automated publishing using account+password. The instructions do not specify how credentials are obtained/stored, which external APIs/endpoints are used, or limits on data handling. That leaves room for the agent to request or handle sensitive secrets and to perform large-scale scraping or external posting without explicit safeguards.
Install Mechanism
This is an instruction-only skill with no install spec and no code files required to be written to disk. That minimizes direct install-time risk. (Note: runtime actions like browser automation would still require local tooling, but the skill doesn't declare them.)
Credentials
The SKILL.md explicitly says the user must have a Toutiao account (账号+密码) and needs browser automation, but requires.env and primary credential fields are empty. Requiring account credentials is plausible for publishing, but the skill should declare what secrets it expects, how they are passed/stored, and whether OAuth/session-based auth is supported. Absence of declared credential requirements is an incoherence and increases risk of ad-hoc credential collection.
Persistence & Privilege
The `always` flag is false and the skill is user-invocable; model invocation is enabled (the default). Autonomous invocation combined with a skill that can publish on the user's behalf increases potential impact, but autonomous invocation alone is a platform default and is not sufficient to mark this malicious. Still, because the skill can publish, prefer explicit user approval before each publish and consider disabling autonomous invocation if you do not trust the author.
What to consider before installing
This skill does what its name promises, but it leaves important operational and security details unspecified. Before installing or using it:
- Ask the author for source code or a homepage and for a clear list of required credentials, binaries, and install steps. The package currently declares none while the instructions expect account+password and browser automation.
- Do not paste account passwords into a skill prompt. Prefer OAuth or session-based auth, or confirm where credentials are stored and whether they are encrypted.
- If you allow publishing, require explicit, per-post confirmation and audit logs so the agent cannot publish autonomously without your consent.
- Confirm how the skill monitors other platforms (official APIs vs scraping) and ensure that behavior complies with those platforms' terms of service.
- Prefer running any browser-automation locally under your control (e.g., with your own browser profile) rather than giving the skill credentials or remote endpoints.
- If you cannot verify the source or code, treat the skill as untrusted and avoid providing real account credentials; consider using test accounts only.
If you want, I can draft specific questions to send to the skill author to clarify credentials, auth flow, and publishing safeguards.
latest · vk97f9g0zcfvpv95jtc583nn7kn841r4d
