China Mobile Wangda Auto-Idle Skill
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is coherent for automating Wangda course study, but it uses stealth browser automation, logged-in browser profiles, and recurring OS scheduled tasks that need careful review.
Install only if you intentionally want unattended Wangda course automation and understand it may violate site or employer training rules. Use a dedicated Chrome profile, confirm any scheduled task it creates, know how to stop/remove it, and review the stealth extension before trusting it with a logged-in account.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may continue controlling the browser and advancing courses in the background until the scheduled task is removed.
The skill creates recurring OS-level scheduled tasks to run `tools.py monitor-hook`, allowing it to keep acting after the initial command.
cron_line = f"*/{interval_min} * * * * {cron_cmd} {cron_tag}" ... ["schtasks", "/create", "/tn", task_name, "/tr", cmd, "/sc", "MINUTE", "/mo", str(interval_min), "/f"]
Only use it if you explicitly want background automation; verify the scheduled task is created with your consent and know how to remove the WANGDA_MONITOR/WangdaMonitor task.
Users may not realize the skill is designed to conceal automation from the website, which can create account, compliance, or trust risks.
The Chrome launch options deliberately hide automation signals and load a stealth extension, while SKILL.md frames the behavior simply as course learning assistance.
"--disable-blink-features=AutomationControlled", "--exclude-switches=enable-automation", f"--load-extension={ext_dir}"
Disclose the stealth behavior prominently and let users decide whether they accept the site-policy and account risks.
A browser extension with stealth/dynamic execution can alter page behavior in ways that are hard for the user to inspect.
The static scan reports dynamic code execution in a stealth extension, and the snippet indicates anti-debugger/anti-detection behavior.
// Counters new Function("debugger") and its various obfuscated variants
Avoid loading stealth code unless it is fully reviewed; provide the full extension source, explain exactly what it changes, and remove dynamic/anti-debugger behavior if not essential.
If pointed at a real browser profile, the skill can act as the logged-in user and may expose that browser session to local DevTools control.
The skill runs Chrome with a persistent profile directory and remote debugging enabled, which grants broad control over the logged-in browser session.
f"--remote-debugging-port={DEBUG_PORT}", f"--user-data-dir={user_data_dir}"
Use a dedicated empty Chrome profile for this skill, declare the credential/session requirement in metadata, and avoid using a normal personal browser profile.
The skill can perform real browser actions on the user's account, including login flow and page interaction, not just read progress.
The helper scripts use raw Chrome DevTools Protocol calls to execute JavaScript and simulate clicks/typing in the logged-in browser.
await call(ws, "Runtime.evaluate", {"expression": expression, "returnByValue": True}) ... "Input.dispatchMouseEvent" ... "Input.dispatchKeyEvent"
Require explicit user approval before login, navigation, clicking, typing, or starting automatic study; strictly validate Wangda hostnames before navigation.
Users may not know what runtime setup or trust boundary is required before running the skill.
The package contains runnable scripts, but the metadata does not declare provenance, installation needs, environment variables, Chrome requirements, or Python dependencies.
Source: unknown ... No install spec — this is an instruction-only skill ... Required env vars: none
Publish clear provenance, dependency, binary, and environment-variable declarations before installation.
Local session data may persist across tasks and influence later automated study actions.
The skill stores persistent session data, including browser-control configuration and learning progress, in a local session file.
SESSION_FILE = os.environ.get("_WANGDA_SESSION_FILE") ... "debugPort": int(os.environ.get("_WANGDA_DEBUG_PORT", "0")), "userDataDir": os.environ.get("_WANGDA_USER_DATA_DIR", "")
Keep the session file in a dedicated location, review or reset it when switching accounts, and avoid sharing it.
