v1.0.0

Restaurant Recommendation Cross-Validation (餐厅推荐交叉验证)

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

The skill matches its restaurant-recommendation purpose, but it relies on logged-in scraping, stored browser sessions, proxies, and local setup steps that users should review carefully before installing.

Guidance: Review this skill before installing. It is coherent for restaurant cross-checking, but real data use depends on logged-in scraping and saved browser sessions for Xiaohongshu/Dianping. Use a separate account if possible, avoid sensitive personal sessions, review the setup and session-management scripts, and consider whether scraping/proxy use complies with the platforms’ terms.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
IMPLEMENTATION.md
Automatically saves cookies and localStorage ... saves only session state ... does not touch sensitive information

The documentation says it saves cookies/localStorage but also claims it does not touch sensitive information. Auth cookies and browser session state are sensitive because they can preserve logged-in access.

User impact: Users may underestimate the privacy and account-access risk of saved browser sessions.
Recommendation: Treat saved sessions as sensitive credentials; store them securely, restrict file permissions, and avoid using important personal accounts unless necessary.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Anti-scraping: Use residential proxies, rotate user agents

The skill explicitly recommends anti-scraping evasion techniques for third-party services. This is related to the stated purpose, but it is a materially risky automation pattern.

User impact: Use could violate platform terms, trigger account or IP blocking, or create legal/compliance issues.
Recommendation: Prefer official APIs or manual research where possible, follow platform terms, keep request volume low, and avoid proxy-based evasion unless you understand the consequences.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
QUICKSTART.md
bash setup.sh ... installs all Python dependencies ... downloads the Playwright browsers

The setup flow installs dependencies and downloads browser components, but the registry lists no install spec. The behavior is disclosed and purpose-aligned, yet users should review it before running.

User impact: Running the setup changes the local environment and pulls external packages/browser binaries.
Recommendation: Review setup.sh and requirements before running, install in a virtual environment, and pin or verify dependencies where practical.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Xiaohongshu ... Authentication: Cookies required for full access

The skill needs authenticated Xiaohongshu access via cookies, while the registry metadata declares no primary credential or required environment variables. Browser cookies/session state can grant account access.

User impact: Installing and using the real-data workflow may cause the skill to use or retain logged-in third-party account sessions.
Recommendation: Use only if you are comfortable granting this access; prefer a separate low-risk account, review session storage behavior, and clear saved sessions when finished.