Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bili Article Poster
v1.0.0
Bilibili (B站, 哔哩哔哩) column article auto-posting skill. Supports: (1) diverse topic discovery (AI + programming / workplace / robotics / games / tech) (2) searching industry media such as Reddit and The Verge (3) deep restructuring of content to generate articles (4) automatically filling in the title / body / images / topics / declaration and saving a draft. Trigger scenarios: (1) the user asks to publish a Bilibili article (2) content needs to be generated automatically from trending topics.
⭐ 0 · 46 · 0 current · 0 all-time
by OldYoung (@oldyoungcn)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md align with the stated purpose (finding topics, generating articles, uploading to B站 using Playwright and user cookies). However there are mismatches: SKILL.md says the Brave API key should be configured in ~/.openclaw/openclaw.json, yet topic-discovery.js contains a hard-coded Brave API key. The skill also implicitly requires curl and Node/Playwright even though no binaries or install spec are declared.
Instruction Scope
Runtime instructions and the scripts access local files with specific absolute paths (/home/ubuntu/.openclaw/workspace/*), expect a user-provided bilibili_cookies.json (contains authentication cookies), launch browsers (Playwright), perform network searches, and download arbitrary images. The references file includes a clipboard-based JS snippet that, if executed by a user in their browser, would copy document.cookie (sensitive) — the SKILL.md points to that snippet as a debugging helper. The scripts download external URLs and write files to disk; these behaviors go beyond just 'filling a form' and involve fetching remote content and handling credentials (cookies).
Install Mechanism
No install spec is provided (instruction-only), which reduces surface area, but the code depends on Node.js, Playwright, and curl. The script uses child_process.execSync to call curl with -k (skip SSL verification) and passes image URLs directly into the shell command — this is risky because it allows command injection if a URL contains shell metacharacters and also silently accepts invalid TLS certificates.
Credentials
No required env vars are declared, yet SKILL.md references a Brave API key in ~/.openclaw/openclaw.json and the code contains an embedded API key ('BSAX4o9UDvUsPruQ3jQ-y14-plgXuzf'). The skill requires a bilibili_cookies.json file containing the user's session cookies — appropriate for automated posting but sensitive. Hard-coded third-party API keys and reliance on plaintext cookie files are disproportionate and raise confidentiality and provenance concerns.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide privileges. It may use a persistent browser profile under /home/ubuntu/.openclaw/workspace/bili-profile, but it does not modify other skills or agent-wide configuration. Autonomous invocation is allowed by default (platform normal).
What to consider before installing
- The skill will require your B站 session cookies (bilibili_cookies.json) or a browser profile to log in; providing these grants the skill the ability to act as your account. Only proceed if you trust the code and its maintainer.
- The topic-discovery script contains a hard-coded Brave API key (BSAX4o9...), which is inconsistent with the SKILL.md claim that you should configure your own key. Hard-coded keys may be abused by others or indicate copied/leftover credentials—treat this as suspicious.
- The code downloads images using curl via execSync and curl -k (skipping SSL verification). This both tolerates insecure TLS and passes unvalidated URLs into a shell command, creating a risk of command injection if URLs are maliciously crafted. Consider replacing curl exec calls with a safe HTTP client (e.g., node https/got) and validating/whitelisting URLs.
- The references file includes a clipboard-based JS snippet that, if you run it in a logged-in browser, will copy document.cookie — that leaks your session cookies. Do NOT run that snippet unless you understand the risk.
- Recommended mitigations: review and/or remove the hard-coded API key; ensure the Brave API key is provided by you via a secure config; replace execSync curl calls with safe, URL-sanitizing HTTP code; run the skill in an isolated environment or throwaway account; inspect downloaded images before uploading; do not store bilibili cookies in insecure shared locations.
If you want, I can produce a safer patch list for the scripts (remove execSync, read API key from config, validate image URLs, and explicit required binaries) or enumerate exact lines that are risky.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/topic-discovery.js:122
Shell command execution detected (child_process).
