Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
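Zhihu Posting (Zhihu Post via Browser Relay)
v1.0.0
Publishes content on Zhihu (column articles, ideas/updates). Uses Chrome Browser Relay to control the user's Chrome browser to complete the publishing. Trigger phrases: 知乎发帖, 发知乎, 知乎文章, 知乎想法, zhihu post, 发布到知乎, 帮我发知乎.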
by jiao yang (@inuyashayang)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (posting to Zhihu via Chrome Browser Relay) aligns with the actual artifacts: an instruction-only SKILL.md that uses browser(action=...) calls and a small local Python preprocessor for Markdown-to-HTML and length checks. No unrelated env vars, binaries, or installs are requested.
Instruction Scope
Instructions explicitly require an attached, logged-in Chrome tab and then use Browser Relay actions (snapshot, act, upload, screenshot) and small JS snippets to fill editors and click publish. This stays within the stated purpose. Note: controlling an attached browser tab is powerful — the skill assumes control of the user's logged-in tab and can perform any action that the user could in that tab. The SKILL.md does not instruct reading or exfiltrating unrelated system files or contacting endpoints outside Zhihu.
Install Mechanism
No install spec and no external downloads — lowest-risk delivery. The included scripts are small and local (markdown preprocessor). Nothing is written to disk by an installer or fetched from arbitrary URLs.
Credentials
No environment variables, API keys, or credentials are requested. The skill asks the user to place images in /tmp/openclaw/uploads/ for upload — this local path requirement is proportionate to image upload functionality and is documented in README/SKILL.md.
Persistence & Privilege
always is false (normal). disable-model-invocation is false (platform default), so the agent could invoke the skill autonomously. Because the skill acts through Browser Relay, autonomously invoked runs could post when a Chrome tab is attached; however, the SKILL.md requires the user to attach the tab first, which limits silent action. Users should be aware of the privilege implied by granting the Browser Relay extension and of leaving tabs attached.
Assessment
This skill appears to do exactly what it says: automate posting to Zhihu by controlling an already-attached Chrome tab and pre-processing Markdown locally. Key things to consider before installing: 1) Browser Relay grants the skill the ability to act as you in any attached, logged-in tab — only attach tabs you trust and detach when not using the skill. 2) The included Python script runs locally and only does Markdown→HTML and length checks; review it if you want to be sure. 3) There are no external installs or secret requests, which is good; nevertheless, only install skills from publishers you trust because they can automate actions in your browser once a tab is attached. 4) If you are concerned about autonomous invocation, avoid leaving Browser Relay-attached tabs open or limit the agent's ability to invoke skills autonomously via your platform controls.
Like a lobster shell, security has layers — review code before you run it.
