Skill v1.0.0
ClawScan security
Social Media Publish · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 11:23 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are consistent with a browser-automation social-media publishing helper; it asks for no unrelated credentials or installs and is instruction-only.
- Guidance: This skill is internally consistent, but before installing consider the following:
  - Browser automation can act using whatever account/session is present in the built-in browser. Do not leave sensitive accounts logged in unless you trust the runtime. Prefer to log in manually and ensure 2FA is enabled.
  - Confirm that the skill truly prompts you for a final confirmation and a preview of the content before any publish action; require an explicit approval step for every publish.
  - Ask the provider: does the built-in browser expose cookies, local storage, or network logs to other parts of the system? Does the automation store any account tokens or history?
  - Be cautious when uploading cover images; prefer to attach files explicitly in the chat or upload during the publish confirmation rather than allowing the skill to read arbitrary filesystem paths.
  - If you need stronger guarantees, request a more detailed SKILL.md that specifies exactly which UI actions will be performed, whether any data is sent to external endpoints, and how the automation is sandboxed.

  If those questions are answered satisfactorily and you accept the browser-automation model, the skill's declared scope and requirements are reasonable.
Review Dimensions
- Purpose & Capability (ok): Name/description (browser automation to publish to WeChat Official Accounts, Baijiahao, Xiaohongshu) match the SKILL.md steps (open site, manual login, create post, upload cover, save/publish). The skill requests no environment variables, binaries, or installs that would be unexpected for this purpose.
- Instruction Scope (note): The instructions stay within the publishing workflow (open backend sites, ask user for title/content/cover, use built-in browser to automate posting). However, they are somewhat high-level and grant the agent broad discretion to navigate and interact with the web UIs ("use browser automation to complete the publish", translated from the Chinese SKILL.md text). The file does not explicitly constrain what the agent may click or read from the pages (e.g., session cookies, account pages), so there's a small risk of overreach if the runtime automation is not tightly sandboxed. The skill does state the user must confirm the publish action and that first-time login is manual.
- Install Mechanism (ok): Instruction-only skill with no install spec, no downloads, and no third-party packages requested. This is low-risk from an installation perspective.
- Credentials (ok): No environment variables, credentials, or config paths are requested. That aligns with the described browser-automation approach which relies on manual login/session in the built-in browser.
- Persistence & Privilege (ok): always:false (no forced inclusion) and no claims to modify other skills or system-wide settings. The skill does not request persistent privileges or to store secrets itself.
