doubao-opencli
Warn: Audited by ClawScan on May 11, 2026.
Overview
This is a coherent Doubao automation skill, but it needs review because it drives a logged-in Edge session, can back up all Doubao conversations, and builds browser JavaScript unsafely from user-supplied PPT content.
Install only if you trust the scripts, opencli, and the browser extension with your Doubao account session. Avoid running the backup command unless you want all conversation history saved locally, and do not feed untrusted PPT topics, outlines, or draft files to the current PPT script until its browser-eval handling is fixed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or untrusted draft/topic could cause the automation to run unintended JavaScript in the logged-in Doubao browser session.
The PPT script builds JavaScript for browser eval by concatenating user-controlled Topic/Outline/DraftFile content into a JS string, with only apostrophes escaped. Crafted input could break the string and execute arbitrary JavaScript in the authenticated Doubao page.
opencli browser eval "var ta = document.querySelector('textarea[placeholder]'); ... setter.call(ta, '" + $promptText.Replace("'", "\'") + "'); ..."
Avoid string-concatenated eval for user content. Pass text through safe browser fill APIs or encode values as JSON string literals, and treat draft files from untrusted sources as unsafe.
The skill can act through the user's Doubao account session, including asking questions, generating content, accessing history, and downloading outputs.
The skill explicitly uses the user's logged-in Edge/Doubao session, but the registry metadata declares no credential or required browser/session configuration.
Description: ...reuses the Edge browser's logged-in state through the opencli browser bridge...; Primary credential: none; Required config paths: none
Declare the authenticated browser-session dependency clearly in metadata, and require explicit user approval before account-history or bulk actions.
Private chats, meeting content, or other sensitive Doubao history may be copied into local files that could later be exposed, synced, or reused unintentionally.
The backup command retrieves every Doubao conversation's details and writes them to a persistent local JSON backup file.
$history = opencli doubao history -f json ... foreach ($item in $history) { ... $detail = opencli doubao detail "$id" ... } ... $backup | ConvertTo-Json -Depth 10 | Out-File $backupFile
Run backup only when intended. The skill should add confirmation, filtering by conversation/date, documented retention behavior, and guidance to protect or delete backup files.
When invoked, the skill can operate the browser on the user's behalf and automatically download or move generated files.
The skill intentionally uses browser automation and synthetic DOM events to click controls and download files. This is central to the stated purpose, but it is a powerful account-session automation technique.
The opencli browser click command cannot trigger the download button; native JS events must be used (dispatchEvent firing mousedown + mouseup + click + pointerdown)
Use only for trusted workflows, keep the browser session scoped to Doubao, and prefer prompts/confirmations before downloads, uploads, or history operations.
Users may not realize they must trust the external opencli package and browser extension, which can interact with their browser session.
The skill relies on an external global npm tool and browser extension, but the registry requirements list no required binaries and no install spec.
opencli is installed (`npm install -g @jackwener/opencli`); the opencli browser bridge extension is installed in Edge
Verify the opencli package and browser extension source before use, pin versions where possible, and declare these dependencies in the skill metadata.
