Social Media Research Assistant Skill
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with local social-media crawling, but it can use browser cookies/history and includes a broad MCP tool-call helper with weak scoping.
Install only if you trust the separately running media-agent-crawler service. Be especially careful with Bilibili cookies and history collection, keep the base URL on localhost unless you intentionally trust another endpoint, and prefer narrowly scoped crawl commands over the generic MCP tool helper.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused or invoked against the wrong endpoint, the agent could trigger operations outside the documented crawl/archive tools or send user-provided data to an unintended service.
The helper sends a caller-supplied tool name and arbitrary JSON arguments to an MCP endpoint, with no allowlist in the script and with an overrideable base URL.
`TOOL_NAME="${1:-}"` ... `ARGS_JSON="${2:-}"` ... `BASE_URL="${3:-${BIL_CRAWL_URL:-http://127.0.0.1:39002}}"` ... `params:{name:tool,arguments:args}`
Prefer the scoped wrapper scripts, add an explicit allowlist for supported tool names, and require user confirmation before using non-default base URLs or sensitive tools.
Using cookies may expose account-accessible content, viewing history, or other personal platform data to the local crawler service and the agent’s response context.
The skill can operate with browser-derived cookies and can collect Bilibili viewing-history data, which is account-scoped and more sensitive than ordinary public URL crawling.
`crawl_bilibili_history` ... `Aggregated history collection` ... `All Bilibili tools support an optional cookies parameter (a string, obtained from a browser plugin).`
Only provide cookies to a trusted local crawler, confirm before collecting history, and document which account data is accessed, stored, and returned.
The main security properties depend on a separately installed local service that is outside the reviewed artifacts.
The reviewed package does not install or verify the local crawler application that performs the actual crawling and cookie-backed access.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install and run the media-agent-crawler service only from a trusted source, and verify what it stores or transmits before using cookies.
If another process is listening on that port, or if the base URL is changed, crawl URLs, task IDs, arguments, or cookies could be sent to an unintended service.
The skill communicates with a local or overrideable HTTP/MCP service; the scripts check reachability but do not authenticate the service identity.
The service address defaults to `http://127.0.0.1:39002` and can be overridden with the environment variable `BIL_CRAWL_URL`.
Keep the default localhost endpoint unless you intentionally trust another endpoint, and avoid sending cookies unless you have verified the service.
Crawled comments, subtitles, or summaries may contain misleading instructions or prompt-injection text that should be treated as data, not commands.
The workflow brings external user-generated content and summaries into the agent context for display or summarization.
`comments` / `danmaku` / `subtitles` / `detail` / `all` / `summary` ... `Give the user a brief summary`
When summarizing crawled content, treat all retrieved platform text as untrusted content and do not follow instructions found inside it.
