Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Baoyu Post To Weibo
v0.1.1
Posts content to Weibo (微博). Supports regular posts with text, images, and videos, and headline articles (头条文章) with Markdown input via Chrome CDP. Use when...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (post to Weibo via Chrome/CDP) align with the included scripts. Required binaries (bun or npx) and typescript/node-based helper libraries are appropriate for running the provided scripts. Bundled markdown/Chrome-CDP helper libraries are consistent with article publishing and browser automation.
Instruction Scope
SKILL.md and the scripts instruct the agent to: locate and read Chrome user-data directories (DevToolsActivePort), spawn local commands (ps, osascript, powershell, xdotool, wl-copy, xclip, etc.), manipulate the system clipboard, send real paste keystrokes to the frontmost app, and (per troubleshooting) kill existing Chrome CDP instances automatically (pkill). These are broad local actions that go beyond simple API calls and can affect other running processes and system state. The troubleshooting instruction explicitly says to kill Chrome CDP instances and retry without asking the user, which is a notable scope escalation.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically downloaded from remote URLs — the agent will execute bundled TypeScript using bun or npx. Bundling many source files but not declaring an install step is unusual but not inherently malicious; it does mean the skill will run arbitrary local code when invoked.
Credentials
The registry metadata declares no required environment variables or credentials, which matches that the skill runs locally. However the code optionally reads environment overrides (e.g., BAOYU_CHROME_PATH, BAOYU_SHARED_PROFILE, TEST_FIXED_PORT, etc.) and probes standard user-data dirs (~/.config, AppData, Library/Application Support). This is proportionate to finding/using a local Chrome profile but means the skill will access local configuration and profile files. No external service credentials are requested by the skill.
Persistence & Privilege
always:false, and no install-time modifications to other skills or system-wide agent settings were found. The skill can be invoked autonomously (the default), which is normal, but this, combined with its ability to manipulate the clipboard, send keystrokes, and kill processes, increases the potential impact if it is invoked without user supervision.
What to consider before installing
This skill appears to be what it claims (automating Weibo posts via a real Chrome session) but it performs powerful local actions: it reads Chrome profile files, may terminate Chrome/CDP processes, manipulates the system clipboard, and sends real paste keystrokes. Before installing or letting agents invoke it autonomously:
1) only use if you trust the skill source and code; review scripts weibo-post.ts and weibo-article.ts yourself, especially any network calls or hard-coded endpoints;
2) run the scripts manually once in a safe environment (temporary Chrome profile or VM) to observe behavior;
3) do not grant it always-enabled/autonomous invocation if you need to limit risk; prefer user-invoked runs so you can confirm each publish;
4) be aware it accesses your Chrome profile paths and may kill Chrome instances; back up important profiles and close Chrome if you want to avoid unintended terminations;
5) if you are uncomfortable, reject installation or sandbox it (separate user account, container, or disposable VM).
Additional useful info to change this assessment: any explicit README or publisher identity, evidence of network endpoints beyond Weibo, or a minimal build that reduces need for process-killing/keystroke automation.
scripts/copy-to-clipboard.ts:59
Shell command execution detected (child_process).
scripts/paste-from-clipboard.ts:54
Shell command execution detected (child_process).
scripts/vendor/baoyu-chrome-cdp/src/index.test.ts:89
Shell command execution detected (child_process).
scripts/vendor/baoyu-chrome-cdp/src/index.ts:220
Shell command execution detected (child_process).
scripts/weibo-utils.ts:45
Shell command execution detected (child_process).
scripts/vendor/baoyu-chrome-cdp/src/index.ts:97
Environment variable access combined with network send.
scripts/vendor/baoyu-chrome-cdp/src/index.ts:202
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers: review code before you run it.
Runtime requirements
Any bin: bun, npx
