Skill v1.0.1
ClawScan security
发布短视频到多平台_无限 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 19, 2026, 12:24 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's high-level goal (posting the same video to three platforms in sequence) is coherent, but the runtime instructions hard-code a Windows user path and require reading other local skill files without declaring or checking them, which is brittle and potentially surprising; these mismatches warrant caution before installing.
- Guidance: This skill is an orchestrator that delegates work to three platform-specific sub-skills and automates a browser to upload the same video sequentially. Before installing:
  1) confirm you actually have the three referenced sub-skills installed and accessible (they are expected at C:\Users\admin\.qclaw\workspace\skills\...), or request the skill be updated to accept a configurable workspace path;
  2) verify how account logins are handled; the SKILL.md does not document authentication, so ensure the browser automation won't try to use stored credentials unexpectedly;
  3) be aware the SKILL.md instructs adding AI-generated author declarations and also instructs claiming '原创' (original) on one platform; check platform policies and legal/ethical implications;
  4) test in a safe environment (non-production account) first, since the hard-coded Windows path makes behavior unpredictable on other machines; and
  5) if you do not want autonomous posting, restrict or review the skill's invocation permissions so it cannot run without explicit confirmation.
Review Dimensions
- Purpose & Capability (note): The name/description (publish to Kuaishou, Douyin, Xiaohongshu in sequence) matches the instructions: the skill simply orchestrates three platform-specific sub-skills. Requiring a browser automation flow is expected. However, the skill hard-codes absolute Windows paths under C:\Users\admin\.qclaw\workspace\skills\... and depends on three other skills being present; that is a fragility/mismatch for users on other OSes or with different usernames and should have been parameterized.
- Instruction Scope (concern): SKILL.md directs the agent to read other SKILL.md files at specific local paths and to launch/drive a browser (OpenClaw browser) to upload files and click UI elements. Reading other skill files in the user's workspace is explainable (it's delegating to sub-skills), but the absolute path is hard-coded to an 'admin' Windows account and not expressed as a configurable workspace path. That could cause the agent to attempt to read unexpected files or fail in different environments. The instructions also call for generating AI-origin declarations and making originality claims (potential policy/ethics issues), but do not reference any credentials or account handling steps for site logins.
- Install Mechanism (ok): There is no install spec and no code files; this is instruction-only, so nothing is written to disk by the skill itself. That reduces install-time risk. Browser automation is invoked at runtime, but no packages or external downloads are requested by this skill.
- Credentials (note): The skill declares no required environment variables or credentials, which is consistent with a pure-orchestration skill. However, the SKILL.md assumes access to local skill files in a specific user profile and will rely on the presence of other (undisclosed) platform-specific skills; those sub-skills may themselves require credentials. The orchestrator does not document how login/auth is handled, which is important because the browser automation will act on user accounts.
- Persistence & Privilege (ok): 'always' is false and model invocation is allowed (default). The skill does not request permanent 'always' presence or attempt to modify other skills' configurations. Autonomous invocation is possible (normal), so consider whether you want an agent to run this flow without prompts, but this alone is not a strong risk signal.
