Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pinterest Browser Publisher
v1.0.2
Automate Pinterest pin publishing via browser automation (Playwright). No API key needed. Supports jp.pinterest.com, single pins, carousels, and batch publis...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)

Purpose & Capability
The name and description (a Playwright-based Pinterest publisher) match the included scripts: they automate browser login, persist cookies, upload images, fill in the title and description, and click publish. However, some files contain developer-specific absolute paths (/Users/dhr/...) for images and screenshots, which are unrelated to the skill's stated configuration model (which expects user-provided images). These hardcoded paths are likely leftover test artifacts and are inconsistent with a general-purpose skill.
Instruction Scope
The SKILL.md instructs installing Playwright and saving cookies to ~/.config/pinterest/cookies.json, which is expected. But some scripts print cookie contents (force-login.js logs cookie names and the first 50 characters of each value), exposing authentication tokens to stdout, and several scripts write screenshots and saved state to explicit /Users/dhr/... paths (not only HOME-based paths), which is unexpected and may fail or leak information. The scripts also try multiple site URLs and include wide timeouts and manual-fallback flows; these are reasonable for brittle UI automation, but they give the code broad discretion (file reads and writes, screenshots, long waits).
Install Mechanism
There is no platform install spec in the registry metadata (instruction-only), but SKILL.md and package.json require installing Playwright and Chromium. Playwright downloads browser binaries during install or at runtime; that is normal but significant. The package-lock.json shows packages resolved from registry.npmmirror.com (a mirror) and a playwright-core that requires Node >=18, while SKILL.md says Node 16+. These mismatches are sloppy and could cause runtime failures or pull packages from a non-default registry, so verify them before installation.
Credentials
The skill declares no required environment variables (good) and uses only HOME/USERPROFILE to read and write ~/.config/pinterest/cookies.json, which is appropriate. However, the code also references absolute paths tied to a specific developer account and prints cookie values (sensitive session tokens) to the console. While cookies must be stored for session reuse, printing token prefixes and leaving cookie files on disk increases risk if you run this in a shared environment. No external secrets are requested, but the handling of session cookies is the primary sensitive surface, and it is currently treated sloppily.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It stores cookies and config under the user's home config directory (~/.config/pinterest), which is expected for session persistence. It does not modify other skills or global agent settings.
What to consider before installing
This skill appears to implement browser automation for Pinterest and needs Playwright and Chromium — that's expected. Before installing or running it:
- Inspect and remove or update hardcoded absolute paths (e.g., /Users/dhr/...) in scripts; they will fail or act on unintended files.
- Be aware it saves session cookies to ~/.config/pinterest/cookies.json; treat that file as highly sensitive (contains auth/session cookies). Do not commit it to git or leave it in shared environments.
- Consider removing or modifying lines that print cookie values to stdout (force-login.js logs cookie names and value prefixes) to avoid leaking tokens to logs.
- Verify the Node version (package-lock and playwright-core indicate Node >=18) and the registry source in package-lock.json (npmmirror) before running npm install; prefer the official npm registry unless you intentionally use a mirror you trust.
- Run the skill in an isolated account or container the first time, if possible, and monitor network and console activity. If you rely on this in production, fork the repository, sanitize developer-specific paths, and remove any unnecessary logging of secrets.
These issues look like careless engineering rather than deliberate malign behavior, but they increase your exposure to accidental token leakage and runtime surprises, so proceed cautiously.
