maker-hunter
Security checks across malware telemetry and agentic risk
Overview
This skill needs review because it asks the agent to use logged-in social accounts, includes cookie-copying guidance, and keeps scraped recruiting data without clear credential or retention limits.
Use this skill only if you are comfortable letting an agent browse social platforms while logged in. Do not provide raw cookies unless you understand the account risk, consider using dedicated accounts, review all generated DMs before sending them, and periodically delete the skill's stored memory and credentials.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may browse a substantial amount of social-platform content under the user's logged-in session to find candidates.
The workflow gives the agent browser-control authority inside authenticated social sites and directs quota-driven scraping. This fits the skill purpose, but users should notice the breadth of automated browsing.
使用 browser 工具打开 https://m.okjike.com/login ... 等待用户登录成功后开始抓取 ... 不够20人则继续抓取,直到凑齐
Use only with accounts you are comfortable automating, set clear platform/rate limits, and review the collected candidates before any outreach.
If copied cookies are mishandled, the agent or anyone with access to the stored data could act as the logged-in user on that platform.
Session cookies are account credentials. The artifact instructs users to extract them manually, but the registry declares no primary credential and the provided instructions do not clearly define storage, scope, revocation, or protection.
Cookie 获取:1. 登录 V2EX 2. F12 → Application → Cookies → v2ex.com 3. 复制 cookie 值
Avoid pasting raw cookies unless absolutely necessary; prefer scoped OAuth or interactive login, declare credential requirements explicitly, store secrets securely, and provide clear deletion/revocation steps.
Collected candidate information and generated message content may remain on disk and influence later runs.
The skill persists candidate records across runs for deduplication. This is purpose-aligned, but the provided artifact does not show retention, cleanup, or review controls for stored profile summaries and outreach drafts.
历史库:memory/founders.json 存放全部历史候选人 ... 今日库:memory/daily.json 存放今日任务结果
Provide a clear retention policy, cleanup command, and user review step for stored candidate data.