Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clipper
v1.0.0
Save web content to Obsidian vault. Supports Twitter/X, WeChat MP, Xiaohongshu, YouTube, Bilibili, and any web page. Automatically routes to the best fetch m...
⭐ 0· 56·1 current·1 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence

Purpose & Capability
The name/description match the included scripts: platform detection, fetching content, saving markdown into an Obsidian vault, and automatic git sync are all implemented. Some capabilities are broader than the description implies (automatic git pull/add/commit/push, reading Obsidian config paths), which are reasonable for 'git sync' but worth noting because they touch user config and networked remotes.
Instruction Scope
Runtime instructions and scripts direct the agent to open a browser (profile=openclaw) and take snapshots for WeChat content, call x-reader CLI, and fetch tweets via Jina Reader. These steps cause network requests and require the agent to access the user's browser and local vault. The skill will also proxy image URLs through wsrv.nl. The SKILL.md does not explicitly warn that content/URLs will be sent to these third parties.
Install Mechanism
There is no install spec that downloads arbitrary code; scripts are packaged with the skill. The only external install recommendation is pipx install of x-reader from a GitHub repo, which is a common, low-to-moderate risk recommendation. No suspicious remote installers or URL shorteners are used.
Credentials
The skill requests no environment variables or credentials, but it implicitly uses whatever git credentials are configured on the host (git pull/push) and may read local Obsidian configuration (~/Library/Application Support/obsidian/obsidian.json) to discover vault paths. It also sends URLs/content to third parties (r.jina.ai for tweets, wsrv.nl for images), which may leak page URLs or content. The lack of explicit credential requirements is coherent, but the implicit use of local git auth and third-party network calls increases privacy/exfiltration risk.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or agent-wide configuration. It writes files into the user's vault and performs git operations in that repo; this is expected for a clipper/sync tool, but it does have the ability to push data to remote hosts using the user's configured git credentials.
What to consider before installing
This skill is functionally consistent with its description, but it performs actions that can leak data without explicit user-provided secrets: it will (1) call external services (https://r.jina.ai/ for tweets and https://wsrv.nl/ to proxy images), (2) ask the agent to open a browser and create snapshots (the SKILL.md uses a browser profile named 'openclaw'), and (3) automatically run git pull/add/commit/push in your vault (using whichever git credentials are configured).

Before installing:
1) Review the included Python files locally to confirm you accept the external endpoints (r.jina.ai, wsrv.nl).
2) Consider disabling or modifying the automatic git push if you don't want scraped content pushed to remote repos, or ensure your repo remote is trusted.
3) Test the scripts with a throwaway vault/repo and without network access if you want to audit behavior.
4) If you don't want images proxied, remove or change the wsrv.nl proxy calls in web.py/wechat.py.
5) Ensure you trust the agent's browser tool behaviour (opening snapshots with a given profile may expose local browser state).

If you want a lower-risk option, run these scripts manually in a sandboxed environment rather than granting the agent autonomous invocation.
latest: vk978jn4mt4gtv96d9bb94mhbwh83j19c
