Weibo Hot Search Anonymous

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its Weibo hot-search scraping purpose, but it contradicts its anonymous/no-login claim by prompting login in code and uses a persistent remote-debug browser profile.

Review this skill before installing. If you use it, do not log into Weibo unless you intentionally accept a persistent browser session; run it with an isolated temporary profile, close the spawned browser afterward, and do not allow automatic browser-process termination without approval.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user expecting anonymous access may be led to enter Weibo credentials into an automated browser session.

Why it was flagged

The SKILL.md repeatedly advertises anonymous, no-account, no-cookie operation, but the code can prompt the user to log into Weibo if the list is not detected.

Skill content

console.warn('[weibo-hot-search] 未检测到热搜列表,请在浏览器中登录微博。');
console.warn('[weibo-hot-search] 等待 30 秒,请手动完成登录...');

Recommendation

Remove the login fallback, or clearly disclose it and require explicit user confirmation before any login step.

What this means

If you log in, the skill-controlled browser profile may keep your session and reuse it on later runs.

Why it was flagged

The script creates and reuses a browser user-data directory for Chrome/Edge. Combined with the login fallback, this can persist Weibo cookies or account state despite the no-login/no-cookie positioning.

Skill content

profileDir = getDefaultProfileDir(),
...
`--user-data-dir=${profileDir}`,

Recommendation

Use a clearly isolated temporary profile, document where it is stored, avoid logging in, and provide cleanup instructions for deleting the profile.

What this means

The agent could close unrelated browser automation or debugging sessions without warning.

Why it was flagged

The skill instructs the agent to terminate Chrome/Edge CDP processes automatically without asking, and the shell patterns are broader than this skill's own profile.

Skill content

pkill -f "Chrome.*remote-debugging-port" 2>/dev/null
pkill -f "Edge.*remote-debugging-port" 2>/dev/null
...
Automatically terminate the Chrome/Edge CDP processes and retry, without asking the user.

Recommendation

Ask the user before terminating processes and scope cleanup to the exact profile and PID created by this skill.

What this means

A debuggable browser session may remain open after the hot-search file is saved.

Why it was flagged

The script launches a browser with a remote debugging port and closes only the CDP connection in `finally`, not the spawned browser process.

Skill content

`--remote-debugging-port=${port}`,
...
spawn(chromePath, chromeArgs, { stdio: 'ignore' });
...
finally {
  cdp?.close();
}

Recommendation

Close or terminate the browser after collection, or clearly tell the user that it remains running and how to shut it down.

What this means

Using the npx fallback depends on the current npm package resolution rather than a pinned local runtime.

Why it was flagged

The documented fallback may download and run Bun through npx without pinning a package version.

Skill content

If `bun` is installed → use `bun`; if `npx` is available → use `npx -y bun`

Recommendation

Prefer a trusted local Bun installation or pin/verify the runtime source before use.