Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
sexy-claw
v1.0.0🦞 色😍龙虾 - 根据主人审美偏好,在多个平台(小红书、抖音、YouTube、B站)搜索并推荐颜值博主/视频。 自动获取用户cookies,学习主人喜好,推送个性化内容。 使用场景: - 主人说"找美女/小姐姐/颜值博主" - 主人提到特定平台(小红书/抖音/YouTube/B站) - 主人给出审美偏好(如"...
⭐ 0· 34·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (search and recommend creators across 小红书/抖音/B站/YouTube) matches the code: scripts query each platform. However the skill metadata declares no required binaries or environment variables while the code expects external CLIs (xhs, yt-dlp) and Python networking (requests). Also xhs_search.py activates a hard-coded virtualenv path (~/.agent-reach-venv) which is not documented—this is an unexplained dependency/mismatch.
Instruction Scope
SKILL.md instructs the user to extract and save platform cookies and the scripts read those cookies from references/platform_cookies.json. The description claims '自动获取用户cookies' but the runtime instructions require the user to manually copy cookies (no automated browser integration). The skill instructs opening video links locally (open), and scripts access the user's home path to source a virtualenv. These behaviors are within the stated purpose but involve handling sensitive session tokens and an undocumented venv path.
Install Mechanism
There is no install spec (instruction-only), so nothing is written by an installer. That reduces some risk. However the scripts depend on external tools (yt-dlp, xhs CLI) and Python packages (requests) that are not declared — the skill will fail or behave unexpectedly unless the environment already has these tools. No downloads or remote install URLs are present.
Credentials
No environment variables or cloud credentials are requested, which is appropriate. But the skill explicitly asks for and stores authentication cookies (web_session/a1, sessionid/ttwid, SESSDATA/bili_jct). Those are high-sensitivity secrets that effectively grant session access to user accounts; storing them in a plaintext local JSON file is proportionate to the task but risky and should be made explicit to the user. The skill claims cookies are stored locally and not uploaded (and the code shows no exfiltration), but that guarantee is purely declarative and should be verified by users.
Persistence & Privilege
The skill does local persistence only (references/user_preference.json and references/platform_cookies.json). It is not 'always: true' and does not modify other skills or system-wide config. Local persistence is expected for user preferences and cookie storage, but it increases privacy risk due to stored session tokens.
What to consider before installing
This skill appears to implement the advertised search across platforms, but you should take precautions before installing or using it:
- Cookies are sensitive: the skill asks you to copy platform session cookies and saves them as plaintext JSON in the skill directory. Those tokens can grant account access. Only use throwaway accounts or be prepared to revoke/change cookies if compromised.
- Undeclared dependencies: the scripts call 'yt-dlp' and an 'xhs' CLI and use Python requests; they also attempt to source ~/.agent-reach-venv. Ensure you understand and audit those third-party tools (especially the xhs CLI) before running them. Install them from trusted sources.
- Verify behavior: inspect the xhs and yt-dlp commands and confirm the skill does not transmit cookies or preferences to any external endpoint. The packaged code shows no upload endpoints, but verify after any changes.
- Prefer ephemeral use: if possible, avoid long-term storage of live session cookies; use limited or logged-out searches or ephemeral browser profiles.
- If you lack technical skills: consider not installing or only run the scripts in an isolated environment (VM/container) and review/replace any hard-coded paths (e.g., the ~/.agent-reach-venv activation) before use.
Given these privacy and dependency mismatches, proceed only if you are comfortable managing session tokens and can verify the third-party tools the scripts invoke.Like a lobster shell, security has layers — review code before you run it.
latestvk974gztayp4v4g3gf3zjm2xsn184n054
License
MIT-0
Free to use, modify, and redistribute. No attribution required.