Skill v1.0.1

ClawScan security

creator-finder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 18, 2026, 4:37 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (a Playwright-based scraper for Xiaohongshu, 小红书), but the package ships persisted authentication cookies and persistent checkpoint files and mentions an optional external export to Feishu (飞书). These artifacts raise the privacy and persistence risk and should be reviewed before the skill is run.
Guidance
This skill is functionally coherent for scraping Xiaohongshu (小红书), but take precautions before installing:
1) Inspect and remove the config/cookies.json shipped with the skill. Do not reuse unknown cookies; treat them as sensitive credentials.
2) Search the full code for any references to external endpoints (feishu, webhook URLs, requests.post and the like) before running; if present, review what data would be sent.
3) Run it first in an isolated or sandboxed environment or VM, with a throwaway Xiaohongshu account, to verify behavior.
4) If you must use your real account, delete the bundled cookies file and perform a fresh QR login so that only local, user-controlled cookies are stored.
5) Consider throttling and obey the platform's terms of service; scraping may violate them.
6) For lower risk, ask the maintainer for a version without pre-filled cookies and with explicit code comments for any external integrations.
If you want, I can scan the remaining truncated portions of src/xhs_creator_finder.py for outbound network calls or feishu integration if you provide the full file.

Review Dimensions

Purpose & Capability
Note: Name and description match the code. It uses Playwright to open Chrome, log in (QR scan or cookies), search Xiaohongshu (小红书), and export results. The included dependencies and setup commands are appropriate for a browser scraper. One oddity: the release bundles a config/cookies.json containing session tokens. Cookies are functionally related (they are used to authenticate), but shipping pre-filled cookies in a skill package from an unknown source is unexpected.
Instruction Scope
Note: SKILL.md explicitly instructs opening Chrome, scanning a QR code to log in, and saving cookies; the code implements cookie loading and saving, checkpointing, and file exports. The instructions write data to the local output/ directory and persist the checkpoint and cookies; in the provided code they call no external endpoint other than xiaohongshu.com. The skill therefore stays within its scraping purpose, but it has broad discretion to read and write local files (cookies, checkpoint, outputs).
Install Mechanism
OK: No remote arbitrary download or install step is present; the dependencies are standard Python packages (playwright, pandas, openpyxl) and skill.json includes pip and playwright install steps, which is reasonable for this tool. No hidden download URLs or extract actions were found in the provided manifests.
Credentials
Concern: The skill requests no environment variables, which is appropriate. However, the package includes config/cookies.json containing many session cookies and tokens (e.g., id_token, web_session). Embedding live session cookies in a distributed skill is disproportionate and risky: anyone running the skill would inherit that account context, and the tokens themselves are sensitive. The docs also mention an optional 'feishu' output target; check whether the code actually implements outbound Feishu API calls before trusting the package.
Persistence & Privilege
Note: The skill persistently writes cookies, checkpoint.json, and output files into the skill workspace (config/ and output/). The always flag is false and autonomous invocation is allowed (platform default). Persistent storage is reasonable for a scraper with checkpointing, but combined with the bundled cookies it widens the risk surface (stolen or embedded cookies, long-lived checkpoint data).