ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

cloud-product-compare2

v1.0.0

以资深云计算产品经理身份,深度阅读阿里云与华为云官方文档,输出有真实依据的差异化竞品分析

0· 8·0 current·0 all-time
by@ucsdzehualiu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description ask for deep reading of Alibaba and Huawei docs; the included scraper script, deep_links list, and scraping approach align with that purpose.
!
Instruction Scope
SKILL.md and the script instruct running an automated scraper that: installs dependencies, launches a Chromium instance, renders JS, and explicitly uses 'Stealth' mode to '绕过 EdgeOne 安全验证' (bypass protection). While rendering JS and fallbacks are coherent for SPA docs, actively evading site security controls is outside normal benign scraping behaviour and increases legal/operational risk.
Install Mechanism
No external arbitrary URLs are downloaded, but the script auto-installs Python packages via pip and runs 'playwright install chromium' (downloads ~150MB of browser binaries). Automatic installs are expected for a self-contained scraper but mean the skill will write binaries and packages to the host without interactive consent.
Credentials
The skill requests no environment variables or credentials. Network access to the official help/support domains is necessary for the stated task and is what the code performs.
Persistence & Privilege
The skill does not request permanent/always-on presence, does not modify other skills, and runs only when invoked. It does, however, perform local installs and produce files on disk.
What to consider before installing
This skill appears to do what it says (scrape and collate Alibaba/Huawei docs), but it will auto-install Python packages and download a Chromium build, then run a headless browser that explicitly tries to bypass site protections. Before installing: (1) review the script yourself or run it in an isolated environment (VM/container) to limit impact; (2) confirm you are permitted to scrape the target sites (check terms of service and corporate policy); (3) be prepared for ~150MB browser download and many outbound requests while scraping; (4) if you need stronger assurance, ask the author for a version without 'stealth' evasion or with manual dependency-install steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk979ek2tggnm2j3kw2n8knafzx84k7tq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments