Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
我的测试
v1.0.0登录外呼系统并调用 save_session.py 保存浏览器会话到 auth.json。用于首次登录、会话失效或开始任务前重新准备登录态。
⭐ 1· 173·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The description says the skill runs save_session.py to produce auth.json. However, no code files are included (no save_session.py). That makes the skill non-functional as delivered and requires the user to supply or obtain an external script. Requiring a separate script is not inherently malicious, but the absence is an important incoherence: the skill cannot do what it claims without an external artifact that the package does not provide or vouch for.
Instruction Scope
SKILL.md instructs the agent/user to prepare login_credentials.json and run python3 save_session.py which will open a browser, autofill credentials, and save auth.json. These steps are consistent with the stated purpose, but they involve handling highly sensitive data (account credentials and session cookies). The instructions do not specify where save_session.py should come from, what it does exactly, or any safeguards for storing/transmitting auth.json. There are no instructions that send data to external endpoints, but because the referenced script is absent, its behavior is unknown and could include exfiltration if obtained from an untrusted source.
Install Mechanism
No install spec is included (instruction-only skill). The README notes pip-installing Playwright and installing Chromium, which is appropriate for a Playwright-based session saver. Because nothing is downloaded or installed by the skill bundle itself, there is no immediate install-time risk from the registry package, but the user still must install third-party software manually.
Credentials
The skill declares no required environment variables and no primary credential, which is proportionate. However, it relies on a credentials file (login_credentials.json) provided by the user and produces auth.json containing cookies/session tokens — both sensitive. Storing credentials in a file (instead of ephemeral secrets) increases risk; the skill does not provide guidance on secure storage or access controls.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills. Autonomous model invocation is allowed by default but not combined with any other privilege escalation indicators here.
What to consider before installing
Before installing or running this skill:
- Do not run anything until you have the actual save_session.py script from a trusted source. The registry package does not include it.
- Inspect save_session.py (and any code you obtain) carefully to ensure it does not send auth.json or credentials to external endpoints.
- Prefer providing credentials via a secure secrets mechanism rather than a plaintext login_credentials.json file; if you must use a file, restrict filesystem permissions and remove it after use.
- Treat auth.json as highly sensitive: store it securely, limit access, and rotate credentials if it may have been exposed.
- If you cannot review the script, consider creating a throwaway/test account to run the process first so long-lived credentials are not exposed.
- If you need the skill to be fully self-contained, request the publisher include save_session.py and a clear README describing exactly what the script does and any network endpoints it communicates with.Like a lobster shell, security has layers — review code before you run it.
latestvk97e9y60s14mqwrtwnzgskwb5x82rrqr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.