S.H.I.T底刊摘要
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward website scraper, though it depends on external npm/Playwright downloads and the documentation overstates AI/JSON features not implemented in the included code.
Before installing, be aware that this skill downloads npm dependencies and a Playwright browser, and confirm that the current implementation meets your needs because the included code does not yet perform the advertised AI analysis or JSON publication-date export.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill's dependencies can add executable browser tooling and npm packages to the user's environment.
The setup downloads third-party npm packages and a Playwright-managed Chromium browser. This is expected for a Playwright scraper, but it is still external dependency installation that users should review.
npm install playwright jsdom npx playwright install chromium
Install in a controlled project environment, prefer reviewed lockfiles or pinned versions where possible, and use trusted package registries.
Users may expect automated AI analysis or structured JSON output, but the included code currently only scrapes and prints article titles/DOIs.
The implementation labels LLM analysis and public-account publishing as future work, while the skill description advertises automatic AI analysis and JSON-style outputs. This is a capability/documentation mismatch, not hidden malicious behavior.
// 此处后续可集成 LLM 分析与公众号发布
Verify the actual output before relying on the skill in a workflow, and update the documentation or implementation so advertised capabilities match the code.