Skill v1.0.0
ClawScan security
Weibo Hot Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 9:10 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description and runtime instructions claim anonymous scraping using bundled scripts, but no scripts are included and the instructions also ask the agent to kill browser processes and may use the user's default browser profile — these inconsistencies and risky actions warrant caution.
- Guidance: Do not run or enable this skill as-is. The SKILL.md points to a scripts/weibo-hot-search.ts that is missing from the package — ask the author to provide the script and a full explanation. Verify the script contents before running: ensure it explicitly launches a fresh temporary browser profile (not your default), and remove any automatic pkill logic that would terminate your browser without consent. If you do test it, run in an isolated environment (e.g., disposable VM or container) with a fresh Chrome profile and no sensitive sessions. If the author cannot supply the script, or if the script uses your default profile or kills browser processes, treat the skill as unsafe.
Review Dimensions
- Purpose & Capability (concern): The skill claims to run a script at scripts/weibo-hot-search.ts to anonymously scrape Weibo hot searches. The registry entry and SKILL.md require either bun or npx, which is reasonable for running a TypeScript script, and Chrome/Edge is necessary for CDP-based scraping. However, this is an instruction-only package with no scripts present in the bundle — the key runtime artifact the skill promises is missing, which is a major inconsistency.
- Instruction Scope (concern): SKILL.md instructs the agent to launch Chrome/Edge via CDP and to use a browser profile directory. It also explicitly tells the agent to automatically terminate existing Chrome/Edge CDP processes (pkill) and retry without asking the user. The doc alternately claims a "full new empty browser config directory" (anonymous) and also defaults to getDefaultProfileDir() (the user's default profile). That contradiction means the agent might run with the user's real profile (exposing cookies/session data) or kill the user's browser processes — both are scope creep and risky.
- Install Mechanism (ok): No install spec or downloads — the skill is instruction-only, so nothing is written to disk by the registry installation. This is low install-risk. The runtime expectation (bun or npx) is declared in SKILL.md rather than installed by the registry.
- Credentials (note): The skill only documents two environment variables (WEIBO_BROWSER_CHROME_PATH and WEIBO_BROWSER_DEBUG_PORT), which are proportionate to controlling which browser binary and CDP port are used. There are no credential or secret env var requirements declared. However, because the instructions may use the default profile directory, the skill could indirectly access sensitive browser data despite not declaring credentials.
- Persistence & Privilege (concern): The skill is not always:on and is user-invocable (normal). However, instructions that unilaterally kill Chrome/Edge CDP processes and potentially operate against the default browser profile grant practical privileges that could disrupt user sessions or access local profile data. Those behaviors are not justified by the stated anonymous-scraping goal and increase risk.
