Weibo CLI
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent Weibo public-data CLI wrapper, with caution needed around installing the external npm package and optionally providing a Weibo login cookie.
This appears safe for public Weibo lookups if you are comfortable installing the referenced npm package. Use the local install option when possible, review the package before trusting it, and do not provide your WEIBO_COOKIE unless you understand that it is a sensitive login credential.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package gives third-party npm code the ability to run locally as part of using the skill.
The skill depends on an external npm package for its actual CLI behavior. The install is user-directed and central to the purpose, but the artifact does not include that package code or pin a version.
npm install -g @marvae24/weibo-cli # Or local install (safer) npm install @marvae24/weibo-cli
Prefer the local install path, review the npm package source and publisher before use, and avoid global installation unless you trust the package.
If provided, the CLI package may be able to act with the authority of the user's Weibo web session, not just anonymous public access.
A login cookie is a sensitive session credential. Its use is optional and related to Weibo access, but it is not declared in the registry metadata and should only be supplied to code the user trusts.
Optional: Set `WEIBO_COOKIE` environment variable for higher rate limits (your own login cookie).
Use the tool without WEIBO_COOKIE when possible. If higher rate limits are needed, provide a limited or disposable session cookie only after reviewing and trusting the package.