Knowledge Planet Assistant (知识星球助手)

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is not malicious, but it can post to a Knowledge Planet account directly without a final user review step.

Review this skill carefully before installing. If you use it, ask the agent to show the target group and exact post content and wait for your explicit approval before publishing. Log in only with the intended account and consider logging out when finished.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could publish the wrong content or post to the wrong place before the user has a chance to review the final state.

Why it was flagged

The skill instructs the agent to complete posting without sending a screenshot or requiring a final user confirmation. Posting is a high-impact account action because it publishes content under the user's account.

Skill content

In the posting flow, **there is no need to send a screenshot**; just complete the publish directly!

Recommendation

Require an explicit final confirmation showing the target group and exact post content before clicking publish.

What this means

After login, the agent can operate the Knowledge Planet account in the browser session.

Why it was flagged

The skill relies on the user logging in via WeChat QR code, which gives the browser session access to the user's Knowledge Planet account. This is expected for the stated purpose, but it is still delegated account access.

Skill content

Use the browser tool to open the login page: `browser action=open url=https://wx.zsxq.com/login` ... send a screenshot to the user and have the user scan the QR code with WeChat

Recommendation

Use only with the intended account, confirm each sensitive action, and log out or clear the browser session when finished if needed.

What this means

Users have less context for who maintains the skill or where to audit updates.

Why it was flagged

The artifacts provide no upstream source or homepage. The included scripts are simple and visible, so this is a provenance note rather than evidence of malicious behavior.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you trust the publisher or have reviewed the included instructions and scripts.