v1.0.0

social-media-analysis

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:17 AM.

Analysis

This skill matches its stated social-media analysis purpose, but it can use Feishu app credentials to read and bulk-update business table records while also making broad external network and shell-tool calls that are under-declared in the registry metadata.

Guidance: Review this skill before installing or invoking it. It appears purpose-aligned, but only run it with a least-privilege Feishu app, a verified Bitable URL, a small LIMIT, and reviewed source URLs. Be cautious with APP_SECRET and XHS_COOKIE, and run the media-processing tools in a non-privileged environment.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
entrypoint:
  command: "node"
  args:
    - "scripts/run_backfill.js" ... `yt-dlp -o video.mp4 URL` ... `ffmpeg -i video.mp4 -vf "fps=1/5"`

The skill entrypoint runs a backfill script and the workflow documents broad media-processing commands over table-provided URLs. These operations are central to the purpose but are powerful and depend on external tools and untrusted URL inputs.

User impact: A bad or unexpected URL in the table could cause the agent to fetch or process content the user did not intend, and the shell/media tools increase the blast radius of mistakes.
Recommendation: Restrict input URLs to expected social-media domains, review the target records before running, and ensure yt-dlp/ffmpeg/Playwright are installed from trusted sources.
Unexpected Code Execution
Severity: Medium | Confidence: Medium | Status: Note
scripts/parse-xiaohongshu.js
const result = execSync(cmd, { encoding: 'utf8' });

The static scan shows synchronous shell command execution inside a parser script. Shelling out is expected for this media-downloading skill, but users should treat it as sensitive execution authority.

User impact: The skill may run local commands as part of media parsing, so unsafe command construction or unexpected inputs could affect the local environment.
Recommendation: Run only with reviewed inputs, avoid privileged environments, and prefer scripts that pass arguments without shell interpolation.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
| `yt-dlp` | Weibo/Bilibili video download |
| `ffmpeg` | Video frame extraction |
| `node` | Run JS scripts |
| `playwright` | Toutiao page rendering |

The skill depends on external local tools, but the registry declares no required binaries and there is no install spec. This is not malicious, but it leaves provenance and setup requirements to the user.

User impact: Users may unknowingly rely on whatever versions of these tools are present locally, which can affect safety and reproducibility.
Recommendation: Install required tools from trusted sources, pin versions where possible, and update the skill metadata to declare these dependencies.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/backfill-content-analysis-by-source.js
const APP_ID = env("APP_ID");
const APP_SECRET = env("APP_SECRET");
const BITABLE_URL = env("BITABLE_URL"); ... body: JSON.stringify({ app_id: APP_ID, app_secret: APP_SECRET }) ... records/batch_update

The script uses Feishu app credentials to obtain a tenant access token and then batch-update Bitable records. This is purpose-aligned but grants high-impact read/write authority over business data.

User impact: If pointed at the wrong table or run with an over-privileged Feishu app, the skill can modify many records in a shared Feishu Bitable.
Recommendation: Use a least-privilege Feishu app, test on a copy or small limit first, keep ONLY_EMPTY enabled unless intentional, and back up important table data before running.
Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
scripts/download-xiaohongshu-album.js
const DEFAULT_COOKIE = COOKIE || process.env.XHS_COOKIE || '';
...
headers: {
  'Cookie': DEFAULT_COOKIE,

The script can use a Xiaohongshu cookie supplied by argument or environment variable. This is expected for accessing protected content, but it still means the script handles a live session credential.

User impact: Providing a real account cookie gives the script access as that Xiaohongshu session for requests it makes.
Recommendation: Use a dedicated low-privilege account/session if possible, do not paste cookies into shared logs, and rotate the cookie after use if exposure is a concern.