ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Baoyu Danger X To Markdown

v1.103.1

Converts X (Twitter) tweets and articles to markdown with YAML front matter. Uses reverse-engineered API requiring user consent. Use when user mentions "X to...

0· 740·36 current·36 all-time
byJim Liu 宝玉@jimliu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill converts X (Twitter) content to Markdown and the included code implements that: fetching X HTML/JS bundles, making GraphQL calls, formatting markdown, localizing media, and handling threads. The ability to obtain X cookies (via environment vars, a cookie file, or Chrome DevTools Protocol) matches the reverse‑engineered API workflow and is proportionate to the stated goal.
Instruction Scope
SKILL.md explicitly instructs reading/writing consent and preference files, launching/using scripts in scripts/main.ts, and performing a blocking first‑time setup (AskUserQuestion). It also tells the agent to check cookie/consent files in user config paths and to run the bundled TypeScript with bun/npx; these steps are expected but grant the skill scope to read browser cookies and create local files — this is within the stated purpose but sensitive.
Install Mechanism
No install spec is provided (instruction-only), so nothing will be downloaded during install. The package contains many source files (including a bundled baoyu-chrome-cdp vendor), but there is no external fetch/install URL. Risk from install mechanism is low, though the presence of executable scripts means runtime execution will run code from the package directory.
Credentials
No required environment variables are declared. The code does optionally read X-specific env vars (X_AUTH_TOKEN, X_CT0, X_GUEST_TOKEN, X_TWID, X_BEARER_TOKEN, X_USER_AGENT, X_CLIENT_TRANSACTION_ID) to accept credentials or override defaults — these are relevant to connecting to X but are sensitive. The skill also includes a hardcoded default bearer token and user agent for anonymous calls; neither is an unrelated credential.
Persistence & Privilege
The skill will create and modify files in user/project config locations (.baoyu-skills, ~/.baoyu-skills, ~/Library/Application Support, ~/.local/share) such as EXTEND.md, consent.json, and a cookie store. It can also launch Chrome (or reuse an existing browser) via CDP to read cookies from the browser profile. These are expected for its function but constitute elevated access to local state and browser session tokens.
Assessment
This skill appears to do what it says, but it needs access to X authentication cookies and will read/write local config files and may launch Chrome to extract cookies. Before installing or running it: (1) review the included scripts (especially cookies.ts/cookie-file.ts and any vendor CDP code); (2) be aware that extracting cookies can expose auth_token/ct0 values that grant access to your X account — only proceed if you trust the source and are comfortable providing cookies or logging into a separate browser profile; (3) prefer supplying ephemeral credentials (env vars) or using an isolated profile rather than letting the tool read your main browser profile; (4) expect the skill to create EXTEND.md and consent.json in your home/project config — back up or inspect these files as needed. If you are uncomfortable with these file/Chrome interactions or do not trust the repository, do not install.
scripts/paths.ts:39
Shell command execution detected (child_process).
scripts/vendor/baoyu-chrome-cdp/src/index.ts:220
Shell command execution detected (child_process).
scripts/graphql.ts:256
Environment variable access combined with network send.
scripts/http.ts:112
Environment variable access combined with network send.
scripts/vendor/baoyu-chrome-cdp/src/index.ts:97
Environment variable access combined with network send.
!
scripts/vendor/baoyu-chrome-cdp/src/index.ts:202
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk973a6smt5djhe535jg2vzym9n84sm1f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any binbun, npx

Comments