ZeeLin 微博自动发布 (ZeeLin Weibo Auto-Post)

Verdict: Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This skill matches its Weibo auto-posting purpose, but it needs review because it can publish publicly from a logged-in account and its shell-command workflow may run unintended local commands if post text is not safely escaped.

Install only if you are comfortable with an agent controlling a logged-in Weibo tab. Before use, require the agent to show you the exact post text and wait for explicit approval, avoid posting copied untrusted text through the documented shell command, and delete or redact /tmp/weibo_snap.txt after troubleshooting.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI05: Unexpected Code Execution
What this means

A crafted or copied post body could execute commands on the user's machine instead of only being passed through as post text.

Why it was flagged

The documented workflow embeds the Weibo post body directly inside a shell command string. If the text contains shell syntax such as embedded quotes, backticks, or command substitution, a shell-based exec tool could run unintended local commands.

Skill content
{"tool": "exec", "args": {"command": "bash /Users/youke/.openclaw/workspace/skills/zeelin-weibo-autopost/scripts/post_weibo.sh \"微博正文内容\"", "timeout": 60000}}
Recommendation

Do not interpolate post text into a shell command. Pass content via a safe argument array, stdin, a temporary file with controlled path/permissions, or robust shell escaping; treat copied web text as untrusted.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

The agent could publish public Weibo content from the user's account before the user has reviewed the exact wording.

Why it was flagged

The skill can generate the post body from a topic and then click publish, but the artifacts do not clearly require showing the final generated text and getting explicit approval immediately before posting.

Skill content
The user supplies either copy or a topic. If only a topic is given, the Agent generates a Weibo post body ... and uses a script to open Weibo, fill in the body, and click publish.
Recommendation

Require a final draft preview and an explicit user confirmation such as “publish this exact text” before any click on the publish/send button.

What this means

Actions taken by the automation appear as actions from the logged-in Weibo account.

Why it was flagged

The skill intentionally uses the user's already-authenticated Weibo browser session to publish. This is purpose-aligned and disclosed, but it still exercises the full authority of the logged-in account.

Skill content
The user logs in first; after the Agent writes the content, it uses a script to open Weibo, fill in the body, and click publish.
Recommendation

Use the correct Weibo account/profile, keep Browser Relay attached only to the intended Weibo tab, and turn it off after posting.

What this means

Local debug files may contain page/account information, and sharing the whole file for troubleshooting could reveal more than intended.

Why it was flagged

The script stores a browser page snapshot locally for troubleshooting. That snapshot may include visible Weibo page content or account context.

Skill content
SNAP_DEBUG="${SNAP_DEBUG:-/tmp/weibo_snap.txt}" ... SNAP=$($CLI snapshot 2>/dev/null) ... echo "$SNAP" > "$SNAP_DEBUG"
Recommendation

Review and redact snapshots before sharing them, and delete /tmp/weibo_snap.txt after troubleshooting.