Skill v1.0.0

ClawScan security

KB Social Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign, Mar 6, 2026, 3:37 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requirements are coherent with its stated purpose (automating browser-based posts to Weibo and Xiaohongshu); it uses Playwright/Chrome and stores a local profile for login persistence, and there are no unexplained network endpoints or credential requests.
Guidance
This skill appears to do what it says: it launches a real Chrome via Playwright, opens the publisher pages, asks you to log in interactively, and can upload local images and submit posts. Before installing/using it: (1) be prepared that installing dependencies will download Playwright and Chromium; (2) review or run it in an isolated environment if you are concerned about downloaded binaries; (3) note that the tool saves a Chrome profile directory (cookies/session data) under the skill directory by default—if that directory is shared or backed up it could expose your sessions, so consider pointing --profile to a safe location or clearing it when done; (4) confirm you consent to interactive browser login (the script waits for you to press Enter after logging in). If you want extra assurance, inspect the included scripts locally or run them in a sandboxed VM/container.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (post to 微博 and 小红书 using a real Chrome) match the included TypeScript scripts and package.json dependency on Playwright. Requiring a local browser and bun is reasonable for this functionality; no unrelated credentials or services are requested.
Instruction Scope
Status: ok
SKILL.md instructs running the scripts, logging into the sites in the opened browser, and optionally providing local image files and a profile dir. The runtime instructions and the code align: they visit only weibo.com and xiaohongshu publisher pages, prompt for interactive login, and upload local images—no instructions to read unrelated system files or to send data to unexpected endpoints.
Install Mechanism
Status: note
There is no explicit install spec in the registry metadata (instruction-only), but a package.json is present and lists Playwright; its postinstall runs 'playwright install chromium' which will download browser binaries. This is expected for Playwright-based automation but means network downloads occur during dependency installation.
Credentials
Status: ok
The skill requests no environment variables or external credentials. It does read local files (images) and writes/uses a Chrome user-data/profile directory for session persistence—which is proportional to its need to keep logged-in sessions.
Persistence & Privilege
Status: note
The skill uses a persistent Chrome profile directory (under the skill dir by default or via --profile) to save login sessions. This is expected for browser automation, but it means cookies/session tokens are stored on disk in that profile directory.