Skill v1.0.0

ClawScan security

百家号发布器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 5:46 AM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code, instructions, and requirements line up with its stated purpose (automating Baijiahao article publishing via Playwright using a user-provided auth file); nothing in the provided files asks for unrelated credentials or installs arbitrary third‑party binaries/archives.
Guidance
This skill appears internally consistent for automating Baijiahao publishing. Before installing, consider:
(1) you must supply a login state (auth.json) or cookie text — treat those files like secrets because they grant account access; do not paste or store them where untrusted code can read them.
(2) The script can read files you point it to (auth and content) and accepts absolute paths — ensure you only pass files you intend it to access.
(3) Playwright will download Chromium when you run its install step; run installs in an environment you control (virtualenv/containers) if you prefer isolation.
(4) I reviewed the visible parts of the script and SKILL.md and found no unrelated credential requests or external exfil endpoints; however part of the Python file was truncated in the listing. If you want higher confidence, review the full scripts/open_baijiahao_edit.py for any unexpected network calls or hardcoded remote destinations, or run it in an isolated/test account first.

Review Dimensions

Purpose & Capability
ok
Name/description state: open Baijiahao editor with an existing login and optionally fill title/content, choose cover, save draft or publish. Declared requirements (python3, Playwright, markdown) and the script that loads Playwright and accepts an auth file/cookie text are consistent with that purpose.
Instruction Scope
ok
SKILL.md tells the agent to install Playwright and run the included Python script with an auth file or cookie text and optional content files; the runtime instructions operate on the Baijiahao editor page and on local files the user supplies (auth, markdown/content). The script reads only the provided auth and content files and interacts with the baijiahao.baidu.com editor — no instructions to read unrelated system credentials or to send data to other endpoints were found in the visible code.
Install Mechanism
ok
No install spec is embedded (instruction-only for dependency installation). Dependencies are standard Python packages (playwright, markdown) and Playwright will download Chromium when the user runs its install step; there are no custom download URLs or obscure archives in the package.
Credentials
ok
The skill requests no environment variables or platform credentials. It expects the user to provide an auth storage_state file or a cookie text file; that is appropriate for a browser-automation publishing tool. The script accepts arbitrary file paths for auth/content (normal for this functionality) — users should only point it at files they trust.
Persistence & Privilege
ok
Skill is user-invocable, not forced-always. It does not request to modify other skills or system-wide agent settings. It does require installing Playwright/Chromium (normal for browser automation) but does not demand permanent elevated privileges.