Skill v1.0.1
ClawScan security
Toutiao Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 7:28 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and required actions are coherent with its stated purpose (browser-based Toutiao publishing with persistent login), but it will install packages, persist authentication cookies to disk, and uses anti-detection features — review these behaviours and run in a trusted or isolated environment.
- Guidance
- This skill appears to do what it says: it automates a browser to publish to Toutiao and saves login state locally. Before installing, consider: 1) The setup script will create a .venv and pip-install packages (including 'patchright') and will download Chrome/Chromium runtime — only proceed if you trust those packages and are comfortable with network downloads. 2) The tool saves authentication cookies and localStorage to data/browser_state/state.json and auth_info.json in the skill directory; treat these files like credentials and store them securely or delete them when you no longer need the skill. 3) Because the skill includes anti-detection/stealth features, be aware it is intentionally designed to mimic human behavior; that is coherent with the purpose but increases the impact if misused. 4) If you plan to let an agent call this autonomously, restrict it from publishing sensitive or unintended content — consider requiring manual confirmation before any automated publish. 5) The skill owner is unknown and there is no homepage; if you need higher assurance, run the setup in an isolated environment (VM/container), audit the 'patchright' package and the code, or only run the interactive (non-headless) workflows so you can observe actions.
Review Dimensions
- Purpose & Capability
- ok · Name/description match the included code and SKILL.md: scripts implement interactive and automated browser publishing to mp.toutiao.com, persistent auth, and session management. Required capabilities (Playwright-like automation via patchright, storage of state.json) are expected for this purpose. Minor inconsistency: run.py lists a 'cleanup_manager.py' in help output that is not present in the bundle (harmless but sloppy).
- Instruction Scope
- ok · SKILL.md only instructs running the included scripts to authenticate, publish, check status, and clear auth. The runtime instructions/CLI map to the bundled scripts and reference only the Toutiao domain and local files under the skill (data/browser_state, .venv). There are no instructions to read unrelated system files or environment variables. Note: the skill persists cookies/localStorage to data/browser_state/state.json (sensitive data).
- Install Mechanism
- note · The registry has no install spec, but the bundled setup_environment.py will create a .venv, pip-install requirements (patchright, python-dotenv) and invoke 'python -m patchright install chrome' which downloads/installs Chromium/Chrome components. This is expected for a Playwright-style automation tool, but it will perform network downloads and write binaries to disk — consider trust of the packages (patchright) and network activity during setup.
- Credentials
- ok · The skill requests no environment variables or external credentials. It persistently stores browser state (cookies/localStorage) and an auth_info.json under the skill's data directory — this is appropriate for maintaining session state but constitutes sensitive account data that will reside on disk. No unrelated credentials or config paths are requested.
- Persistence & Privilege
- ok · The skill is not always-enabled and does not request elevated platform privileges. It creates a local .venv and writes browser state/auth files under its data directory (expected behavior). Autonomous invocation is allowed by default (platform normal) — consider whether you want the agent to run automated headless publishing without human confirmation.
