Weibo Publish
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent following the workflow could publish content to the user's Weibo account before the user has reviewed the final text, images, or active account.
This instructs the agent to perform the final public posting action through browser automation. The workflow does not include an explicit final approval step before clicking Send.
Click the send button: ```javascript browser act kind=click ref=<send-button-ref> ```
Require an explicit confirmation immediately before sending, showing the target account, exact text, selected images, and whether the post will be public.
If the wrong browser profile or Weibo account is active, the post could be made from the wrong identity.
The skill uses the user's existing authenticated Weibo browser session. This is expected for publishing, but it means actions occur with the privileges of the logged-in account.
Requires existing login session via browser cookies.
Verify the active Weibo account before use, and consider using a dedicated browser profile for automated posting.
A mistaken filename or overly broad cleanup command could remove temporary files or old browser screenshots the user intended to keep.
The skill documents local shell cleanup commands that delete temporary uploads and old browser screenshots. These are purpose-aligned cleanup steps, but they still mutate local files.
rm /tmp/openclaw/uploads/<filename> find ~/.openclaw/media/browser/ -type f -mtime +7 -delete
Delete only the files copied for the current posting task, and review any cleanup command before running it.