Skillv1.0.0

ClawScan security

微博热搜采集 | Weibo Hot Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 10:11 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill matches its stated purpose (collecting Weibo hot-search and generating HTML) but omits a required runtime dependency (the openclaw browser CLI) and uses shell-invoked subprocesses on untrusted URLs/snapshots — these inconsistencies and injection risks warrant caution.
Guidance: This package mostly does what it claims (collect Weibo hot-search items, save to a SQLite DB, and create an HTML report), but there are notable concerns you should address before running it: - The scripts rely on an external CLI 'openclaw browser' to open pages and capture snapshots, but SKILL.md and the manifest do not declare this dependency. Ensure you have 'openclaw' installed from a trusted source before using the scripts. - The fetcher uses subprocess.run with shell=True to execute commands like: openclaw browser open --profile openclaw '{url}'. Those commands include URLs and other strings derived from parsed page snapshots. If an attacker can influence snapshot output (or if a malformed URL contains shell metacharacters), this can lead to command injection. Consider running the tool only in an isolated environment (VM/container) and inspect/clean inputs first. - If you plan to use this skill: (1) Review and/or modify fetch-hot-search.py and fetch-topic-content to avoid shell=True and to pass command arguments as lists to subprocess.run; (2) sanitize or validate any URL or title data before embedding into shell commands; (3) explicitly document and verify the 'openclaw' dependency in SKILL.md; (4) run initial tests with a non-privileged user and in a sandbox; (5) consider adding explicit warnings in SKILL.md about the browser dependency and security considerations. If you want higher assurance, ask the author to declare the 'openclaw' dependency and to replace shell invocations with safe APIs or subprocess argument lists and to add input sanitization. Without those changes, treat the skill as potentially risky on sensitive hosts.

Review Dimensions

Purpose & Capability: concernThe project claims to be a Weibo hot-search collector/visualizer and the included scripts implement that. However the runtime code relies heavily on an external 'openclaw' browser CLI (used to open pages and obtain snapshots) but the skill metadata and SKILL.md do not declare this dependency. The lack of a declared required binary is an incoherence: a legitimate collector needs the browser CLI (or an HTTP client), so the missing declaration is unexpected.
Instruction Scope: concernSKILL.md documents how to run the Python scripts but never mentions the required 'openclaw' CLI or its security implications. The fetch scripts instruct the agent to run shell commands that open URLs and capture snapshots, then parse snapshot text to extract URLs and post content. That parsing output is later used to construct more shell commands — this expands scope beyond simple parsing and could lead to executing commands derived from external page content. The instructions are also silent about running in an isolated environment or validating inputs.
Install Mechanism: okThere is no install specification (instruction-only install), so nothing will be automatically downloaded or executed during install. That lowers installer risk. However the skill includes multiple code files that will be placed on disk; they will execute local subprocesses at runtime.
Credentials: okThe skill requests no environment variables or credentials, and stores data in a local SQLite DB and HTML file. The requested access is proportionate to the described purpose.
Persistence & Privilege: okThe skill is not always-enabled and does not request elevated platform privileges. It writes only to its own data/ directory and DB; it doesn't modify other skills or system-wide configs.