Typecho Blog Publish
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a real Typecho blog-publishing skill, but it needs review because it handles a blog password with unsafe default destination settings and can publish or delete public posts without clear approval boundaries.
Before installing or running this skill, set BLOG_URL and BLOG_USERNAME explicitly to your own HTTPS Typecho site, use a dedicated low-privilege password if possible, test with draft mode first, and require confirmation before any public publish, batch publish, media upload, or delete/repost action.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could accidentally send their blog password to an unintended server or use credentials over an unencrypted HTTP connection.
The blog password is the main credential, but the endpoint and username are optional and default to a specific HTTP blog/admin account. If the user omits configuration, the credential and blog actions could be sent to the wrong, non-HTTPS destination.
primaryEnv: "BLOG_PASSWORD"; optionalEnv: ["BLOG_URL", "BLOG_USERNAME", "BLOG_XMLRPC"] ... `BLOG_URL` 默认值 `http://yuanblog.tk:9980`; `BLOG_USERNAME` 默认值 `admin`
Make BLOG_URL and BLOG_USERNAME explicit and required, use HTTPS only, remove the hard-coded public default, and use an app-specific or least-privileged blog password.
Draft or unreviewed content could become publicly visible on the user's blog.
The documented default is immediate public publication, which is a high-impact account mutation and lacks an explicit user confirmation step before content goes live.
注意: v2.0 起默认直接发布(不再存草稿),文章会立即公开可见。
Default to draft mode, clearly require user approval before public publishing, and add a preview/dry-run workflow for agent use.
Posts, URLs, comments, or analytics associated with an existing article could be lost if the agent deletes content automatically.
The workflow tells the agent to delete and republish when problems are found, but deletion is potentially irreversible and no confirmation or backup step is described.
如发现问题,立即删除并重新发布(不凑合、不侥幸)
Require explicit user confirmation before deletion, prefer editing or reverting drafts, and document backup/recovery steps.
A user may trust the skill to create drafts while the actual workflow may publish live content.
This safety framing conflicts with the Quickstart's statement that v2.0 publishes directly and immediately. The inconsistent documentation can cause users or agents to misunderstand whether the action is safe draft creation or public publication.
发布为草稿,待预览后手动发布 ... 默认发布为草稿(安全)
Reconcile the documentation to one accurate default behavior and prominently warn whenever a command publishes publicly.
One mistake could create or modify many blog posts before the user notices.
Batch publishing is expected for this skill, but a wrong directory, bad template, or credential misconfiguration could affect multiple posts at once.
python3 scripts/batch_publish.py articles --delay=5
Run batch jobs in draft mode first, limit the directory scope, and review the post list before publishing publicly.
Private or copyrighted images could be uploaded if the wrong path or URL is used.
Uploading selected local files or URL-fetched images is purpose-aligned for blog media, but it transfers file contents to the blog media library.
python3 {baseDir}/scripts/upload_image.py image.jpg ... python3 {baseDir}/scripts/upload_image.py --url "https://example.com/image.jpg"Only upload intended images, verify image rights, and avoid pointing the script at private local files.