Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Baoyu Skills

v1.0.0

宝玉分享的 Claude Code 技能集，包含多个内容生成和处理子技能。子技能列表 (skills/baoyu-*): - baoyu-article-illustrator: 文章插图生成 - baoyu-comic: 漫画生成 - baoyu-compress-image: 图片压缩 - baoyu-co...

⭐ 0· 30·0 current·0 all-time

by@conanwhf

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

Capability signals

CryptoRequires OAuth tokenPosts externally

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The name/description (image/markdown/posting skills) align with the code and required runtime (bun + Node + Chrome CDP). Requiring a Chrome profile and image generation API keys is coherent for 'post-to-*' and 'image-gen' features. However the registry summary at the top (saying 'instruction-only', no env vars) is inaccurate: the SKILL.md and many scripts reference environment variables, Chrome profiles, and provider API keys. That mismatch between declared metadata and actual code is unexpected and should be investigated.

Instruction Scope

The SKILL.md and supporting docs instruct running TypeScript scripts via Bun that: read EXTEND.md from project/xdg/home paths, access a shared Chrome CDP profile directory, load browser cookies and access tokens, and call image-generation providers. The url-to-markdown path includes a documented fallback to a hosted 'defuddle.md' API when local capture fails — which means webpage content may be transmitted to an external service. All of those actions go beyond simple 'formatting' and involve reading sensitive local browser state and possibly sending content externally; the runtime instructions also reference env vars (BAOYU_CHROME_PROFILE_DIR, WECHAT_BROWSER_DEBUG_PORT, provider keys) that are not declared in the registry metadata.

ℹ

Install Mechanism

The SKILL.md frontmatter includes an npm install suggestion (pkg '@jimliu/baoyu-skills', global) and the repository contains a full codebase (many TS files, vendored packages). There is no evidence of remote arbitrary binary downloads or 'curl | bash' installs (the changelog explicitly claims removal of piped installs). Installing via npm is standard; still verify the npm package source and integrity before running globally.

Credentials

Registry metadata lists no required env vars, but the SKILL.md and many scripts reference multiple environment variables and config paths (Chrome profile dir, debug ports, provider API keys). The skill will access a Chrome profile directory to reuse cookies and also contains code to load cookies and get web auth tokens — access that can expose session tokens for other sites. Requesting browser profile access and API keys is explainable for posting and image-generation features, but the declared requirements underreport this surface and the sharing of a single profile for all skills increases risk.

Persistence & Privilege

The skill does not set always:true, but several scripts are designed to use (and recommend) a shared Chrome profile under the user's home directory. That gives the skill access to browser cookies and logged-in sessions. While this is functionally needed for automated posting and web scraping, it's a high-privilege operation: it can read sensitive authentication data and perform actions as the logged-in user. Users should treat that as a meaningful privilege and avoid pointing the skill at their main Chrome profile.

What to consider before installing

This package appears to be a large, genuine toolset for generating and posting content, but it requests and uses sensitive local state that the top-level metadata understates. Before installing: 1) Verify the npm package and upstream repository (is @jimliu/baoyu-skills published and the code there identical to what's shown?). 2) Don't point the tools at your main Chrome profile — create a dedicated Chrome profile directory and set BAOYU_CHROME_PROFILE_DIR to that path. 3) Inspect EXTEND.md / config files to see which API keys and endpoints are required; avoid entering production credentials until you understand how the keys are used. 4) Review or disable the 'defuddle'/hosted fallback behavior if you will be converting pages with sensitive content (it may send page contents to a remote service). 5) If you want to be extra safe, run the skills in a sandbox/container with an isolated profile and limited network access, or install only individual sub-skills you trust rather than the entire bundle. If you want, I can list the exact files that read cookies, reference external endpoints, or expect environment variables so you can audit them more closely.

✗

packages/baoyu-chrome-cdp/src/index.test.ts:89