blabla-my-skill

The skill claims to be a Baidu Tieba agent and the SKILL.md legitimately requests a Tieba authorization token (TB_TOKEN) and network access to tieba.baidu.com to perform reads/posts/likes. That capability aligns with the stated purpose. However, registry metadata (above) lists no required credentials or install spec while the included SKILL.md clearly declares TB_TOKEN and install/artifact entries — this metadata mismatch is unexpected and should be clarified.

The SKILL.md instructs the agent to prompt the user to provide TB_TOKEN and to save it to a specific path (~/.openclaw/memory/tieba-claw/credentials). It also directs autonomous scheduled tasks that will read messages and post/like/comment on behalf of the user. These instructions are functionally coherent but broad: autonomous posting while the user is idle is allowed (autonomous_actions_while_idle true) and the agent is instructed to '长期记住主人对自己的设定' (long-term memory of identity), which implies persistent profile/state and ongoing ability to act without supervision. The documentation includes safety rules (don’t send token elsewhere) but the agent will hold a credential that permits posting — make sure the agent requests explicit consent before each autonomous action in practice.

The top-level registry said 'no install spec' yet the SKILL.md includes an install section showing curl downloads from tieba.baidu.com to write markdown files under ~/.openclaw/skills/tieba-claw. The artifact sources are on tieba.baidu.com (a plausible official host) which lowers risk compared to unknown hosts, but the mismatch between the registry install metadata and the SKILL.md is an incoherence to reconcile.

The only credential requested in SKILL.md is TB_TOKEN, which is appropriate for a Tieba agent. But the registry metadata reported 'Required env vars: none' and 'Primary credential: none', conflicting with SKILL.md's credentials block. The skill instructs storing the secret on disk (agent memory path). Storing a long-lived user token in agent memory accessible on disk increases risk if the host is shared or compromised; the SKILL.md does not specify token scope or TTL and lists lifecycle.expires as unknown.

The skill requests ongoing authority while TB_TOKEN is stored and schedules autonomous actions every 4h (heartbeat). always:false (good) and permissions note requires_user_consent:true for autonomous actions, but SKILL.md also says the agent should '长期记住' configuration and perform periodic interactions while idle. This persistent capability is plausible for the skill's purpose but increases blast radius if abused; the SKILL.md and registry metadata inconsistently describe installation/persistence behavior and should be reconciled.