Skill v1.0.0

ClawScan security

知乎草稿写手 Zhihu Draft Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 16, 2026, 6:14 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what it says (creates Zhihu drafts using a third‑party LLM) and requests only one API key, but it will control your logged‑in browser and send page content to an external endpoint (cc.zhihuiapi.top) — this is coherent with the stated purpose but has privacy/third‑party risks you should verify before installing.
Guidance
Before installing: understand what this skill will do — it will control your logged‑in Chrome session to read Zhihu pages (questions and comments) and will send that content to a third‑party API at https://cc.zhihuiapi.top using the ZHIHUIAPI_KEY you provide. This is coherent with its purpose but has privacy and trust implications.

Recommended steps:
1) Verify the trustworthiness, privacy policy, and billing/abuse behavior of cc.zhihuiapi.top (or the provider of your ZHIHUIAPI_KEY) before putting a real key in your environment.
2) Test first with a throwaway Zhihu account and a limited/sandbox API key to confirm behavior and that drafts are never published.
3) Keep the skill directory and data/history.json under your control; review the history file periodically.
4) Be aware that enabling OpenClaw hostControl gives the agent the ability to interact with your browser — if you are uncomfortable, do not enable that setting.
5) Do not store other secrets in the same environment where you set ZHIHUIAPI_KEY.

If you want greater assurance, ask the skill author for an audited/known provider or modify the workflow to use a model/provider you already trust.

Review Dimensions

Purpose & Capability
Status: ok. Name/description (generate Zhihu drafts) align with what the skill requests and instructs: it needs a model API key (ZHIHUIAPI_KEY), uses curl, reads Zhihu pages and saves drafts. Required binaries and env var are proportionate to the stated goal.
Instruction Scope
Status: note. Runtime instructions explicitly require host browser control to read hot questions, comments, and to write drafts; they read/write a local history file and send question+comments+style to an external inference API. This is expected for web-automation + LLM generation, but it means page content (including any personal data visible in the browser) will be transmitted to the external model provider.
Install Mechanism
Status: ok. Instruction-only skill with no install spec or remote downloads. No code is written to disk beyond the skill's own data/history.json, so installation risk is low.
Credentials
Status: concern. Only one credential is requested (ZHIHUIAPI_KEY), which matches the declared external API (cc.zhihuiapi.top). That key will be used to call a third‑party inference endpoint — reasonable for the feature but potentially high-impact (it enables the upstream service to see all prompt and page content). The endpoint is not a widely-known vendor; confirm its trustworthiness before providing the key.
Persistence & Privilege
Status: ok. Skill is not always-enabled, does not request elevated platform privileges, and only writes an append-only local history.json under its baseDir. It requires OpenClaw hostControl to drive the browser (a necessary capability for this class of skill) — enabling hostControl grants the skill the ability to control the logged-in browser session, so treat that setting as sensitive.