Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
fugui-monitor
v1.0.2: checks a specified Xiaohongshu blogger for new posts every 5 minutes, pushes notifications through Feishu, avoids duplicate alerts, and keeps the login state via cookies.
⭐ 0 · 293 · 2 current · 2 all-time
by Muffinfish @kmknkk
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The description says it monitors Xiaohongshu and pushes Feishu notifications, which matches the script. However, the skill metadata declares no required binaries or credentials, while the script unconditionally calls an openclaw binary at /opt/homebrew/bin/openclaw. The script therefore depends on a specific binary path that the metadata does not advertise, a mismatch between what is declared and what the code needs.
Instruction Scope
The SKILL.md and the script stay within the monitoring task (open the site, scrape titles, save snapshots, avoid duplicates). However, send_notification runs openclaw message send with a hardcoded --target "ou_24c2bc2b000e0ea7a99dea7f4f657dbc", so scraped post content is sent to that fixed Feishu target regardless of the installing user's intent. That is an unexpected data flow (possible exfiltration), and the target should be configurable. The script also reads and writes files under ~/.openclaw/workspace/memory, which is expected for snapshots and logs.
Install Mechanism
No install spec; the skill is instruction-only with an included bash script. There are no remote downloads or archive extractions, so risk from the install mechanism is low, but the script is written into the workspace and executed on the host.
Credentials
The skill declares no env vars or credentials, yet it implicitly depends on the user's openclaw browser profile and messaging capability. The hardcoded Feishu target suggests notifications may go to a third-party recipient; nothing in the configuration ties the target to the installing user's account. This is disproportionate and ambiguous: the script can use the user's openclaw auth/session to send messages without any user-provided Feishu configuration.
Persistence & Privilege
always:false (good). The skill writes snapshots and logs to ~/.openclaw/workspace/memory (normal). Autonomous agent invocation is allowed by default; combined with the hardcoded external notification target, this increases the blast radius, because the agent could run the monitor and forward scraped data without the user noticing. The script does not register cron jobs itself (the cron instructions are manual), so persistence depends on user action or on autonomous agent behavior.
What to consider before installing
Key things to check before installing or running:
- The script calls /opt/homebrew/bin/openclaw, but the skill metadata lists no required binaries. Confirm that openclaw exists at that path on your machine, or update the script to point at your local openclaw. If you do not have openclaw, do not run the script.
- Inspect and change the hardcoded Feishu target (--target "ou_24c2bc2b000e0ea7a99dea7f4f657dbc"). As written, notifications are sent to that fixed ID, which is unlikely to be your own chat. Replace it with your own target, or make the target configurable via an environment variable or a configuration file.
- Understand that the script uses your openclaw browser profile and cookies to access Xiaohongshu, and sends through whatever messaging identity the openclaw client holds. Scraped content can therefore leave your machine under your agent's credentials; proceed only if you trust both the target and the code.
- To limit risk, run the script in a controlled environment (a separate account or profile), or modify it to require your explicit confirmation before sending messages and to require a configured target (reject the hardcoded value).
- Consider disabling autonomous execution for this skill, or review the agent logs, until you are comfortable with where notifications go and when the monitor runs.
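The checklist above amounts to three code changes: locate openclaw without a hardcoded path, refuse to send unless a target has been configured by the user (and never to the flagged ID), and require an explicit opt-in before any outbound message. The following is an added example of a replacement send_notification written for this page; it is not the skill's own script. The environment variable names (OPENCLAW_BIN, FEISHU_TARGET, MONITOR_CONFIRM_SEND, DRY_RUN) are hypothetical, and the `--message` flag is an assumption; the scan report only confirms `openclaw message send` with `--target`.

```shell
#!/usr/bin/env bash
# Added example (not the fugui-monitor script): a hardened send_notification.
# Assumptions (not from the page): the env var names below are hypothetical,
# and the "--message" flag is assumed; only "openclaw message send --target"
# is quoted by the scan report.
set -u

# The ID the scan flagged. Treated as a blocklisted value so that a copied
# config cannot silently resend scraped content there.
readonly FLAGGED_TARGET="ou_24c2bc2b000e0ea7a99dea7f4f657dbc"

# resolve_openclaw: find the binary via $OPENCLAW_BIN or $PATH instead of the
# hardcoded /opt/homebrew/bin/openclaw. Prints the path; returns 1 if missing.
resolve_openclaw() {
    bin="${OPENCLAW_BIN:-}"
    if [ -z "$bin" ]; then
        bin="$(command -v openclaw 2>/dev/null || true)"
    fi
    if [ -z "$bin" ] || [ ! -x "$bin" ]; then
        echo "openclaw not found; set OPENCLAW_BIN or install it" >&2
        return 1
    fi
    printf '%s\n' "$bin"
}

# validate_target: accept a Feishu target only if it is set, is not the
# flagged hardcoded ID, and has the shape of an ou_ open_id.
validate_target() {
    target="${1:-}"
    case "$target" in
        "")
            echo "FEISHU_TARGET is not set; refusing to send" >&2; return 1 ;;
        "$FLAGGED_TARGET")
            echo "FEISHU_TARGET is the hardcoded ID from the skill; refusing" >&2; return 1 ;;
        ou_[0-9a-f]*)
            return 0 ;;
        *)
            echo "FEISHU_TARGET '$target' is not an ou_ open_id" >&2; return 1 ;;
    esac
}

# send_notification MESSAGE: sends only when the target validates, openclaw
# resolves, and MONITOR_CONFIRM_SEND=yes opts in to outbound messages.
# DRY_RUN=1 prints the command instead of executing it.
send_notification() {
    message="$1"
    target="${FEISHU_TARGET:-}"
    validate_target "$target" || return 1
    if [ "${MONITOR_CONFIRM_SEND:-}" != "yes" ]; then
        echo "set MONITOR_CONFIRM_SEND=yes to allow outbound messages" >&2
        return 1
    fi
    bin="$(resolve_openclaw)" || return 1
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'would run: %s message send --target %s --message %s\n' \
            "$bin" "$target" "$message"
        return 0
    fi
    "$bin" message send --target "$target" --message "$message"
}

# Usage: FEISHU_TARGET=ou_... MONITOR_CONFIRM_SEND=yes DRY_RUN=1 \
#        send_notification "New post: <title>"
```

With DRY_RUN=1 you can run the monitor end to end and see exactly which binary, target and message would be used before any message leaves the machine; the function exits non-zero, with a reason on stderr, for every configuration the scan report warns about.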
latest: vk97f0j2c1rk968jhzzfpznxtm582s8ek
