Skill v1.0.0
ClawScan security
CSDN 文章发布 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 11:35 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's actions (automating the browser to open CSDN, fill title/content, and click publish) match its description and it does not request unrelated credentials or installs; behavior is coherent but has some operational risks to note.
- Guidance: This skill appears to do what it says (automate publishing to CSDN) and does not ask for unrelated secrets or installs. Before installing or using it, consider: 1) Make sure the browser profile it will use is the account you intend to publish from — the skill will act with that profile's logged-in session. 2) Provide and review article content carefully (avoid posting passwords or private info). 3) Because the instructions target specific page element refs and an iframe, the automation can break if CSDN changes its editor; test on a draft or private post first. 4) Prefer an explicit confirmation/preview step before the final publish click; if the skill does not prompt, manually confirm before invoking the publish action. If you want extra assurance, manually publish or use the skill only for draft uploads until you're comfortable with its behavior.
Review Dimensions
- Purpose & Capability (ok): The name/description (publish articles to CSDN) match the instructions: open CSDN editor, check login, fill title/content, click publish, and extract the article link. No unrelated binaries, env vars, or installs are requested.
- Instruction Scope (note): Instructions are narrowly scoped to browser automation on the CSDN editor and include sensible checks (login, success message). Notes of caution: (1) the steps assume specific DOM refs (e41, f1e1, e322) and an iframe which may be brittle across page changes; (2) the flow does not explicitly require a final user confirmation/preview before clicking publish (it assumes the user's initial trigger implies consent), which could lead to accidental publishing of unintended content.
- Install Mechanism (ok): Instruction-only skill with no install spec, no downloads, and no code files — minimal install risk.
- Credentials (note): No environment variables or credentials are requested, which is appropriate. However, the skill requires using a browser profile (profile="openclaw"); that profile provides access to the user's logged-in session (cookies/tokens). This is expected for a publishing action but is the effective mechanism by which the skill acts on the user's CSDN account, so users should understand the agent will operate with that session's privileges.
- Persistence & Privilege (ok): always is false and the skill does not request persistent or system-wide changes. Autonomous invocation is allowed by default (normal for skills) and does not by itself raise additional concern here.
