Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
每日潜力网文新书推荐-SBTI版!
v1.0.5起点中文网好书推荐,支持两种模式: 1)三江榜新书推荐——每天从起点三江榜单中精选3本优质新书; 2)经典网文推荐——从起点万订/十万均订经典作品中随机推荐,附IP衍生品(电视剧/动漫/手办)和海外出圈信息。 内置去重机制,支持按 SBTI 性格筛选。 触发场景:推荐好书、三江榜、起点推荐、小说推荐、今天看什么书...
⭐ 0· 60·0 current·0 all-time
by顾炎@drow931
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the included scripts and data: both sanjiang_picker.py and classic_picker.py implement scraping, caching, SBTI filtering, and recommendation output as described. Required resources (no env vars, local cache, optional Excel import) are coherent with the purpose.
Instruction Scope
SKILL.md explicitly instructs the agent to run the included Python scripts and to use returned qidian_url values verbatim (to preserve a tracking param). It also references reading a local Excel import path when used. The instruction file contains detected 'unicode-control-chars' which is a prompt-injection signal — this could be an attempt to hide or manipulate instructions/content. The 'disable: true' frontmatter line in the header is unusual and may be an attempt to affect tool usage rules in some runtimes.
Install Mechanism
No install spec in registry, but both scripts implement automatic dependency installation by invoking pip via subprocess (tries sys.executable -m pip, pip3, pip). This is expected for Python scripts but carries moderate risk because it performs network installs from PyPI at runtime. The scripts write cache/history files under the skill directory (local scope).
Credentials
The skill requests no environment variables or external credentials. All file and network access described (qidiantu.com, qidian.com, optional local Excel import) are explainable by the stated functionality.
Persistence & Privilege
always is false. The scripts create local cache and history files under the skill directory (./.cache, .sanjiang_history.json, .classic_history.json). They do not request system-wide settings or other skills' credentials. This is within expected scope for a caching crawler.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters which the static detector flagged as a prompt-injection pattern. There is no legitimate need to hide instructions for a book-recommendation skill; this increases suspicion and merits manual review of the raw SKILL.md for hidden/obfuscated content.
What to consider before installing
This skill appears to implement what it claims (Qidian recommendations via two Python scripts) and requires no credentials, but exercise caution before running it. Steps to reduce risk: 1) Inspect the raw SKILL.md and the two Python scripts yourself (they are included) — look for hidden/obfuscated strings or unexpected network endpoints. 2) Because the scripts auto-install pip packages, run them in an isolated environment (container/VM) or disable network/PyPI access and preinstall required deps (beautifulsoup4, lxml). 3) Run with --setup first to observe behavior and network calls; do not run as root. 4) If you won’t use Excel import or refresh features, avoid those commands to limit file reads/remote requests. 5) Be aware the skill enforces keeping a _trace parameter in outbound qidian.com links (a tracking/attribution requirement); if you’re uncomfortable with attribution/tracking, remove or modify links after reviewing implications. 6) The presence of unicode-control-chars in SKILL.md is unusual — if you lack confidence, ask the publisher for clarification or avoid installing until the SKILL.md is sanitized. Overall: functionally coherent but has prompt-injection signals and runtime pip installs — review manually and sandbox execution.Like a lobster shell, security has layers — review code before you run it.
latestvk97ck81j16c0epr05dx8f3pg9n84syef
License
MIT-0
Free to use, modify, and redistribute. No attribution required.