Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Doubao Media
v1.0.1 Doubao web-client media extraction and traffic capture. Used for: calling Doubao chat/completion via browser cookies, capturing SSE replies, extracting and downloading image/video assets, monitoring the Doubao web generation flow and saving the final media URLs and files. Suited to requests such as "continue researching the Doubao skill", "get the images/videos Doubao generated", "capture Doubao web requests/media resources" and "extract Doubao generation results".
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (medium confidence)
Purpose & Capability
Name/description match the code and SKILL.md: the scripts use Chrome DevTools Protocol to capture browser cookies and network traffic, call Doubao chat/completion, parse SSE, extract media URLs and optionally download assets. All requested actions (cookie capture, SSE parsing, network monitoring) are expected for a media-capture/harvest tool for a web service.
Instruction Scope
SKILL.md instructs the agent to check a local session, capture browser cookies via CDP, open the Doubao login page if needed, monitor network traffic and optionally download media. Those instructions are within the stated purpose but require reading browser cookies and saving them locally. There is a small mismatch: SKILL.md refers to ~/.doubao_chat_session.json while code writes/reads SESSION_FILE using process.env.USERPROFILE (Windows path), which may cause confusion on non-Windows hosts.
Install Mechanism
This is an instruction-only skill with included Node.js scripts and a package.json. Dependencies are limited to chrome-remote-interface (and its normal deps). No arbitrary remote archives or obscure installers are fetched by the skill itself. package-lock.json references a mirror registry (registry.npmmirror.com) but no network installs are triggered automatically by the skill package metadata — installation would be a normal npm install by the user.
Credentials
The skill requests no environment variables or external credentials, which is consistent. However, it programmatically reads cookies from a running browser via CDP and writes them (name/value pairs) unencrypted into a session file in the user's home directory. That cookie access is necessary for the stated functionality but is sensitive: anyone with access to that session file can impersonate the browser session.
Persistence & Privilege
The skill is not forcibly persistent (always:false) and does not modify other skills. It does create a local session file (~/.doubao_chat_session.json or the Windows-based path) containing captured cookies and may open the browser (exec 'start' on Windows). Using CDP requires a browser started with a remote-debugging port (default 18800), which is an elevated debugging surface — enabling it on a primary browser can expose other site cookies if not filtered/isolated.
Assessment
This skill appears to do what it claims, but it requires sensitive access to your browser session:
- It connects to a Chrome/Chromium browser via the remote debugging port (default 18800) and reads cookies via CDP. You must run the browser with --remote-debugging-port=18800 for the scripts to work.
- The script writes an unencrypted session file with cookie name/value pairs to your home directory. Treat that file as sensitive: inspect it before use and delete it when no longer needed.
- To reduce risk: run the tool against a dedicated browser profile or a disposable browser instance (so other logins/cookies are not exposed), or use a temporary VM/container. Avoid enabling remote debugging on your primary browser profile holding other accounts.
- Be aware of platform quirks: the code uses a Windows 'start' command and process.env.USERPROFILE for the session path, while SKILL.md references ~/.doubao_chat_session.json — test behavior on your OS before trusting automation.
- Review downloaded media and URLs before opening; the script will fetch arbitrary URLs discovered in network traffic.
If you trust this source and follow the mitigations above (dedicated browser/profile, delete the session file after use), the tool is coherent with its purpose. If you are uncertain, ask the author for an explanation of cross-platform behavior and consider running it in an isolated environment first.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/doubao_session.js:35: Shell command execution detected (child_process).
