Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

holiday-enough

v1.0.0

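Estimates how many days a travel destination needs to be enjoyed properly, and judges whether the user's holiday is long enough. Extracts the actual time each leg of a route takes from real travel guides, and gives an assessment of "plenty of time / just enough / tight" together with suggestions for a trimmed-down plan. Use this skill when the user mentions scenarios such as: whether the holiday is long enough, travel time assessment, how many days are enough, number of days for an itinerary, is there enough time, are there enough vacation days, how many days are appropriate for visiting XX, can it all be done in XX days. Even if the user does not explicitly...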

by LiaoYk @mrlyk
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to extract real user travel notes from a community site that requires login; requiring access to a local Chrome debugging endpoint (CDP) is coherent with that goal. There are no unrelated environment variables or external services requested. However, the capability to control Chrome and read page content gives the skill access to any pages and session data the browser can reach, which is more powerful than a simple read-only web fetch.
! Instruction Scope
Runtime instructions explicitly tell the agent to run the included Node script and drive a local CDP proxy to open pages, evaluate DOM, and extract note text. The scripts also read DevToolsActivePort files from user profile paths to discover Chrome's debug port. That is necessary to access logged-in content but it also means the skill can access private data visible in the browser. The SKILL.md does not constrain what the proxy may evaluate or fetch beyond the scraping tasks described.
Install Mechanism
There is no external install/download from untrusted URLs; all code is bundled in the skill. The provided scripts are executed locally (via node) but nothing in the manifest attempts to fetch remote code. This reduces supply-chain risk compared to remote downloads.
Credentials
No environment variables or external credentials are requested, which is proportional. However, the scripts probe user browser profile paths (DevToolsActivePort) and will operate on the user's running Chrome instance — effectively leveraging the user's authenticated sessions. That access is relevant for retrieving logged-in content but has privacy implications beyond the narrow task.
! Persistence & Privilege
The check-deps script will start the cdp-proxy as a detached/background process and unref it. That creates a persistent local HTTP service (default port 3456) providing an unauthenticated API to control the browser. A background, unauthenticated HTTP->CDP proxy increases attack surface (other local processes could talk to it) and constitutes lasting presence beyond a single run.
What to consider before installing
This skill mostly does what it says (it scrapes travel notes by controlling your local Chrome), but it requires you to enable or connect to Chrome remote debugging and will start a background, unauthenticated local proxy that can control the browser and read page content you are logged into. Before installing or running:
1) Review the bundled scripts (which are included) to ensure you trust them — they will be run by node on your machine.
2) Confirm how the proxy binds (ensure it listens only on localhost) and consider running it behind a firewall or in a disposable browser/profile.
3) Avoid enabling remote debugging on your primary browser profile or on a machine with sensitive sessions; instead create a fresh Chrome profile, log into only the accounts needed, and use that for scraping.
4) If you are uncomfortable with a background service that can access your browser sessions, do not enable or run the skill. If you want to proceed but reduce risk, run the scripts manually yourself, inspect logs (tmp/cdp-proxy.log), and kill the proxy process when finished.
scripts/check-deps.mjs:98: Shell command execution detected (child_process).
scripts/check-deps.mjs:13: Environment variable access combined with network send.
! scripts/check-deps.mjs:69: File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.
