Skill v1.0.0
ClawScan security
Zhihu CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 3:08 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description matches a Zhihu CLI, but the instructions ask you to install an unvetted npm package and to auto-extract and store browser cookies (sensitive data) without explaining how—this mismatch and the lack of source metadata is concerning.
- Guidance: Before installing or running this CLI, verify the npm package source and inspect its code: find the package author, repository, and homepage on npm. Understand exactly how 'zhihu login' extracts cookies (which browser files it reads) and whether cookies are stored or transmitted elsewhere; storing cookies in plain files (~/.zhihu-cookie) risks credential theft. Prefer safer authentication methods (OAuth or token-based) if available. If you must try it, run the npm package in an isolated environment (VM or disposable container), and do not use accounts with sensitive access. Ask the publisher for the package repository link and a detailed explanation of cookie handling and Browser Relay behavior; absence of those answers increases risk.
Review Dimensions
- Purpose & Capability: concern. The skill claims to be a CLI for Zhihu which plausibly needs authentication, but the SKILL.md promotes an npm package that 'auto-extracts cookies from Chrome' and stores them in ~/.zhihu-cookie. The skill metadata declares no required config paths or credentials, so the implied need to access browser cookie stores is not documented or justified.
- Instruction Scope: concern. Runtime instructions tell users to npm install (or npx) an external package and to run 'zhihu login', which 'opens Chrome and extracts cookies automatically'. The docs also advise storing cookies in ~/.zhihu-cookie and include JS snippets for Browser Relay to click buttons. These steps involve reading sensitive local browser data and executing JS in a browser context—actions outside a simple read/search use-case and not fully explained.
- Install Mechanism: concern. There is no install spec bundled with the skill; SKILL.md instructs installing from the public npm registry (npm install -g zhihu-cli or npx). Installing an unvetted npm package from an unknown source (no homepage, no repository listed) is moderate-to-high risk because the package could perform arbitrary actions (including cookie extraction/exfiltration).
- Credentials: concern. The skill requests no environment variables but instructs handling of sensitive credentials (browser cookies) and persistent storage (~/.zhihu-cookie). Sensitive access is implied but not declared. There is no explanation about file protections, encryption, or what the cookie file contains or is used for—this is disproportionate to the metadata provided.
- Persistence & Privilege: ok. The skill does not request always:true, does not claim to modify other skills or system-wide configs, and is user-invocable. No elevated platform-level privileges are requested in the metadata.
