Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pinduoduo Customer Service Assistant
v1.1.1 · Pinduoduo merchant customer-service automation assistant: connects to a real browser via CDP (Chrome DevTools Protocol), logs into the Pinduoduo merchant backend automatically, replies to messages intelligently and handles after-sales cases. It uses the user's everyday Chrome, which naturally carries the login state, to avoid the platform's risk controls.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The code and package dependencies (puppeteer, @openclaw/browser-tools) align with a browser-automation customer-service assistant. However, there are extra components that do not clearly belong to the declared runtime requirements: src/cdb.ts constructs a ConvexClient from process.env.CDB_URL (an external DB endpoint), but the skill metadata and registry list no required env vars. README and SKILL.md instruct storing shop credentials in scripts/config.json (a local file), which is plausible for the stated purpose, but the codebase also contains an unused CDB module that suggests optional external persistence not documented in the manifest.
Instruction Scope
SKILL.md instructs editing scripts/config.json and running node src/index.ts to control a real browser; that matches most of the code. But the repository also includes scripts/cdp-proxy.mjs, which runs an HTTP server exposing CDP-related endpoints without authentication. The skill claims 'manually triggered only' (仅人工触发) and 'does not scrape non-public data' (不抓取非公开数据), yet a CDP connection plus browser.evaluate can read arbitrary page DOM (including potentially sensitive data), and the proxy exposes endpoints that permit evaluate/click/screenshot actions. SKILL.md does not explicitly warn that the proxy exposes a network endpoint or mention the optional external CDB_URL usage.
Install Mechanism
There is no external install/download script; dependencies are standard npm packages listed in package.json (puppeteer, ws, node-fetch, @openclaw/browser-tools). No arbitrary remote archives or URL shorteners are fetched at install time. This is a lower-risk install model, but running the code still requires Node and installing the npm dependencies.
Credentials
The declared skill metadata lists no required environment variables, yet src/cdb.ts expects process.env.CDB_URL for a ConvexClient. That environment variable is neither documented in SKILL.md nor listed in skill.json/manifest. The README also suggests optional .env entries (PDD_URL, CHECK_INTERVAL, AUTO_REPLY), but those are not declared as required. The presence of CDB_URL (and code to send data to an external Convex DB) is disproportionate and not justified by the manifest; if used, it creates a potential exfiltration path for conversations and buyer data. Shop credentials are also suggested to be stored in scripts/config.json (username/password/sessionPath), which will be plaintext unless the user encrypts them; this is expected for local tooling but should be highlighted.
Persistence & Privilege
The skill does not set always: true and does not request special platform privileges, which is appropriate. However, scripts/cdp-proxy.mjs opens an HTTP server on port 3456 and (by default) binds to all network interfaces. That server accepts endpoints for creating tabs, eval, click, screenshot, etc., with no authentication. If run on a machine reachable by other hosts (LAN or cloud VM), it could allow remote actors to control the user's browser and access session data. The default browser config in scripts/config.json uses userDataDir './browser-data' (so it will not automatically use the system Chrome profile unless the user explicitly configures remote debugging to connect to their daily Chrome), but the SKILL.md wording 'uses the user's everyday Chrome, naturally carrying the login state' (使用用户日常 Chrome,天然携带登录态) may be misleading unless the user configures Chrome to expose their real profile via remote debugging or points userDataDir at the real profile.
What to consider before installing
Key points to consider before installing/running:
- CDP proxy exposure: scripts/cdp-proxy.mjs starts an unauthenticated HTTP server (port 3456) exposing endpoints that can evaluate/click/operate the browser. By default it binds to all interfaces; run only on a trusted machine and restrict binding to localhost (or firewall the port) to avoid remote takeover of your browser session.
- Undeclared external DB: src/cdb.ts will use process.env.CDB_URL to construct a ConvexClient. This environment variable is not declared in the skill manifest or SKILL.md. If you set CDB_URL it could cause conversation data, buyer info, templates, etc. to be sent to a remote service. Do not set CDB_URL unless you control and trust the endpoint; if you don't need remote storage, consider removing or disabling the CDB module.
- Credential storage: SKILL.md instructs editing scripts/config.json to put usernames/passwords/session paths. Those files may be stored locally in plaintext. If you must store credentials, prefer secure OS credential storage, encrypt the config, or ensure file permissions prevent access by other users on the system.
- Browser profile / login state: The code's default browser config uses ./browser-data as userDataDir rather than automatically using your daily Chrome profile. The skill's marketing claim that it 'naturally carries login status' is only true if you explicitly point it to your real profile or run Chrome with remote debugging and that profile; be aware of the implications of exposing your real profile to automation.
- Audit network exposure & code: Before running, inspect scripts/cdp-proxy.mjs and remove or modify any endpoints you don't need (especially /eval). Prefer launching the tool with Chrome remote debugging bound to localhost only, or avoid running the CDP proxy at all if you do not require it. Search the codebase for other process.env usage and confirm there are no hidden endpoints.
- If you are unsure: treat this skill as potentially risky. Run it in an isolated environment (VM or dedicated machine) without sensitive Chrome profiles, and review or disable external persistence (CDB) and the proxy before use.
Runtime requirements
🛒 Clawdis
OS: Linux · macOS · Windows
Bins: node
