Skillv1.2.0

ClawScan security

Baoyu Post To Xhs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 9, 2026, 1:50 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, runtime instructions, and requirements are coherent with its stated purpose (automating Xiaohongshu posts via a real Chrome instance); it needs local browser access and a JS runtime but does not request unrelated credentials or remote installs.
Guidance: What to consider before installing: - This skill automates a real Chrome browser and needs access to a browser profile; do not point it at your main Chrome profile if you want to avoid exposing other sessions/cookies. Prefer using a dedicated profile (EXTEND.md can set a custom chrome_profile_path). - The scripts probe and log DOM content (visible text, upload-area HTML, form inputs). That is necessary to locate the upload controls but means page content can be read and printed to the agent console—avoid running it on pages containing sensitive information. - By default the script only fills the form and previews; the --submit flag will auto-publish to your account. Always test with preview mode first. - Running the pre-flight check (scripts/check-permissions.ts) is recommended; it will tell you if bun/npx and Chrome are available and whether node_modules are needed. - The code is bundled with the skill (no external download URLs), but you should still inspect the scripts especially any parts that would auto-submit or attach to non-dedicated profiles. If you are not comfortable, run the tooling in an isolated environment (virtual machine or throwaway profile) and review the code before use.

Review Dimensions

Purpose & Capability: okName/description match the actual behavior: the scripts launch or attach to a local Chrome/Chromium instance via the Chrome DevTools Protocol (CDP), discover/inspect the publish page, upload images, fill title/content/topics, and optionally auto-submit. Requiring a local browser and a JS runtime (bun or npx -> bun) is appropriate for this purpose.
Instruction Scope: noteSKILL.md directs the agent to run TypeScript scripts in scripts/ using bun/npx. The scripts legitimately probe the page DOM, search for file inputs, buttons, and visible text, and dump HTML snippets to the console to locate upload elements. This is broader than simply 'click upload' (it collects page text and HTML snippets), but that behavior is coherent with fragile web automation tasks. Users should be aware the scripts will read the page DOM and log portions of the page (visible text, upload-area HTML, form element info).
Install Mechanism: okNo network install spec is included (instruction-only + bundled TS sources). The package includes a small local vendor library. The check script suggests running npm install in scripts/ if dependencies are missing; that is a normal, traceable action (no remote arbitrary downloads or URL-extract installs are present in the provided files).
Credentials: noteThe skill requests no external API keys or secrets. It does interact with Chrome user-data/profile directories and will create/use a dedicated profile under a baoyu-skills path by default. Because it attaches to a browser (and may reuse an existing debug-enabled Chrome process if directed), it can access whatever is available in that browser profile (sessions/cookies). This access is necessary to post as the user, but you should avoid pointing it at your primary Chrome profile or leaving a logged-in shared profile exposed.
Persistence & Privilege: okalways is false and the skill does not request agent-wide persistence. It may create a profile directory for Chrome automation and can leave a Chrome process running (scripts call chrome.unref()). It does not modify other skills or system-wide agent configs.