Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

bleisure-micro-vacation

v1.0.0

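Like a friend who travels often for work: based on the city/hotel/landmark and the time of day, it opens with empathy and uses embedded options to pick up on implicit needs (a walk, a drink, unwinding, etc.) instead of a fixed menu; it uses the system time to lay out a relaxed timeline, asking during the day how long you can be out and in the evening whether you need to get up early; it goes online to compile actionable plans; it outputs mood images, a story-like timeline, situational copy, Amap navigation links, and Xiaohongshu keywords, and ends by nudging you out the door. Provides strong emotional value throughout,...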

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Most required actions (reading a local amap API key, looking up POIs, producing navigation links, storing lightweight user prefs in standups.md) align with the stated goal of producing actionable, local micro‑vacation plans. However, the references include a CDP-based scraper (references/xiaohongshu-cdp.md) that expects a localhost:3456 proxy and Node/Chrome remote debugging — capabilities not implied by the description and not declared in the skill metadata. Requiring control of the user's local browser session is outside what a typical 'travel suggestion' skill would need unless the user explicitly provided and consented to that infrastructure.
! Instruction Scope
The runtime instructions direct the agent to read and write local files in the skill directory (config/amap-api-key.md, standups.md) — reasonable for this feature — but also to call local endpoints (http://localhost:3456/new, /eval, /close) and POST JavaScript to be executed in the user's browser via CDP. That allows the agent to inspect page DOM of pages loaded in the user's logged‑in Chrome (potentially exposing account data) and run arbitrary JS in the browser context. The CDP fetch is described as mandatory when available. The SKILL.md also references a specific script path in another skill (~/.cursor/skills/holiday-enough/scripts/check-deps.mjs), creating tight coupling to external local tooling.
Install Mechanism
This skill is instruction-only (no install spec, no packages downloaded), which limits direct remote code installation risk. However, it explicitly expects or prefers local tooling (Node 22+, Chrome remote debugging, a localhost CDP proxy) that is outside the skill bundle; reliance on these external components increases operational complexity and risk because the agent will probe local services.
! Credentials
No environment variables or external API secrets are declared, which on the surface is good. But the instructions implicitly require access to: the skill directory files (config/amap-api-key.md and standups.md), the system time/context, and a local Chrome instance (with user login) via a localhost CDP proxy. Accessing a logged‑in browser session (to scrape Xiaohongshu pages) is privacy‑sensitive and not made explicit in the top-level skill metadata. The skill will also append to standups.md automatically after certain interactions (persistence), which is expected for memory but should be clearly disclosed to users. The implicit requirement that Chrome be logged in to Xiaohongshu may cause the skill to expose data from the user's account via the CDP flow.
Persistence & Privilege
The skill reads and appends to standups.md in its directory to store user/team preferences; that is consistent with its intended 'memory' behavior and is disclosed in SKILL.md. always:false and normal autonomous invocation settings are used. There is no indication it modifies other skills or system settings, but it does rely on and call out to files and scripts in a different skill's path (holiday-enough), which is unexpected coupling rather than privileged modification.
What to consider before installing
What to watch out for before installing or enabling this skill:
- Local browser/CDP access: The skill’s docs require a Chrome remote‑debugging/CDP proxy on localhost:3456 and instruct the agent to POST JavaScript to that proxy to scrape Xiaohongshu pages. That will use whatever is open in your Chrome session (including logged‑in pages). Only enable this if you intentionally run the specified proxy and are comfortable the agent can access your browser session.
- Implicit dependencies and coupling: The skill expects Node (22+), Chrome remote debugging, and may reuse another skill’s infrastructure (~/.cursor/skills/holiday-enough). If you don't have those components, the skill will fall back to keywords — but the CDP step is described as "must" when available. Consider whether you want the agent to probe localhost and those paths.
- Local file reads/writes: The skill reads config/amap-api-key.md and will append entries to standups.md for persistent memory. Inspect those files for any sensitive content before use and be prepared to delete/clear standups.md if you want to remove stored preferences.
- Privacy risk from scraping: If you keep Xiaohongshu logged in, the CDP extraction can surface content tied to your account. If you are uncomfortable exposing that, do not enable Chrome remote debugging or do not run the localhost proxy; alternatively, remove or disable the CDP‑related workflow.
- Recommended mitigations: (1) Only enable the skill if you understand and consent to the local CDP usage; (2) run the skill in an environment where Chrome remote debugging is disabled unless you intentionally start it for this purpose; (3) review standups.md and remove any sensitive data; (4) prefer to use the skill with API Key in config/amap-api-key.md if you trust the Amap usage, or leave the file as YOUR_KEY_HERE to force WebSearch fallback; (5) ask the skill author (if possible) to make CDP optional and require explicit, per‑session consent before attempting localhost connections.

If you want, I can summarize the exact lines in SKILL.md that reference localhost/CDP and file writes so you can review or share them with an admin.

Like a lobster shell, security has layers — review code before you run it.
