v1.0.2

Social Media Research Assistant Skill

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:40 AM.

Analysis

This appears to be a coherent local social-media crawler, but it can use Bilibili account cookies/history and exposes a broad raw MCP tool caller, so it should be reviewed before installation.

Guidance: Install only if you trust the local media-agent-crawler service and understand that authenticated Bilibili cookies or history data may be used. Keep the base URL on localhost unless you intentionally trust another endpoint, and prefer explicit confirmation before running history crawls or generic MCP tool calls.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
scripts/mcp_tool.sh
TOOL_NAME="${1:-}" ... params:{name:tool,arguments:args}

The script builds a JSON-RPC tools/call request from an arbitrary command-line tool name and arbitrary JSON arguments, with no allowlist in this wrapper.

User impact: If the local service exposes tools beyond the documented crawler functions, the agent could invoke unexpected capabilities through this generic wrapper.
Recommendation: Restrict the wrapper to a documented allowlist of safe tool names and require clear user approval for account/history reads or other high-impact actions.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
scripts/crawl.sh
encoded=$(node -e 'process.stdout.write(encodeURIComponent(process.argv[1]))' "$TARGET_URL") ... curl -fsS -X POST "$endpoint"

The included scripts rely on node and curl, while the registry requirements declare no required binaries and there is no install spec.

User impact: The skill may fail or behave differently on systems without those tools, and users may not see the runtime requirements before installing.
Recommendation: Declare bash/curl/node requirements and document the expected local media-agent-crawler service provenance.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
SKILL.md
All Bilibili tools support an optional `cookies` parameter (a string, obtained from a browser extension).

Browser cookies are account/session credentials. The registry metadata says there is no primary credential or required environment variable, but the skill documents passing Bilibili cookies to crawler tools.

User impact: If cookies are provided or already stored in the local app, the crawler may act with the user's Bilibili account session and collect account-specific data such as history.
Recommendation: Only use this with a trusted local crawler service, avoid providing cookies unless necessary, and add explicit credential metadata plus user confirmation for authenticated or history-related crawls.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low. Confidence: Medium. Status: Note.
scripts/mcp_tool.sh
BASE_URL="${3:-${BIL_CRAWL_URL:-http://127.0.0.1:39002}}" ... curl -sS -N "$MCP_URL"

The service defaults to localhost, but the endpoint can be overridden by an argument or environment variable; all tool arguments are then sent to that configured MCP URL.

User impact: A non-local or untrusted base URL would receive crawl arguments and any supplied cookies or task identifiers.
Recommendation: Keep the base URL pointed at the trusted local service unless intentionally connecting elsewhere, and warn users before sending cookies or private task data.