Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Douyin Private Message Sender

v2.2.0

Sends private messages on the Douyin web version. Triggers when the user wants to send a Douyin private message, remind a contact to keep a chat streak (续火花) alive, or mentions "抖音发消息", "发抖音私信", or "douyin send message". Can be used standalone or together with the people-relationship management skill.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The stated purpose (send Douyin web private messages) matches the SKILL.md browser automation steps. However, the bundled script (send_douyin_dm.mjs) is a Playwright/Node implementation that is not mentioned in SKILL.md: there is no declared dependency on Node or Playwright, no install instructions, and the script hardcodes a userDataDir path (/Users/calvin/.openclaw/browser/openclaw/user-data) which accesses a local browser profile — access that is unrelated to the simple description and not disclosed.
Instruction Scope
The SKILL.md instructions confine runtime actions to the Douyin web UI (open chat page, find a contact, insert text, send, verify, close). That is reasonable. But SKILL.md's runtime model (browser action primitives using execCommand/mouse events) differs from the included Playwright script (which navigates to /user/self, uses Playwright APIs, writes screenshots, and depends on Node). The code performs filesystem writes (screenshots) and uses an absolute userDataDir; these behaviors are not described in SKILL.md.
Install Mechanism
There is no install spec, yet a runnable Node/Playwright script is included. Running the script requires Node, Playwright, and a Chromium runtime, but none are declared. Absence of an install spec means a user/agent may be surprised by the external requirements or by code that will attempt to reuse a local browser profile directory. This mismatch increases risk and friction.
Credentials
The skill declares no required env vars or credentials, but the Playwright script reads from a hardcoded local path (userDataDir pointed at a specific user's OpenClaw browser profile) — effectively granting access to the user's browser profile, cookies, and sessions. The script also writes screenshot files (debug_*.png) locally. These filesystem accesses and potential exposure of session cookies are disproportionate to the claimed purpose and are not explained or gated.
Persistence & Privilege
always is false and the skill does not declare any special platform-wide privileges. It does, however, request implicit access to a local browser profile (via the hardcoded userDataDir) when the script is executed. That grants broader access (logged-in sessions, stored cookies) than a simple ephemeral browser automation would normally need; this increases the blast radius if the script is executed on a user's machine.
What to consider before installing
This skill is functionally coherent with sending Douyin DMs, but there are red flags you should consider before installing or running it:

- The package contains a Playwright/Node script but the SKILL.md lists no install instructions or required binaries. Expect to need Node, Playwright, and a compatible Chromium if you intend to run the script.
- The script hardcodes a local userDataDir (/Users/calvin/.openclaw/browser/openclaw/user-data). That path would let the automation reuse your browser profile, exposing cookies and sessions. Ask the author to remove the hardcoded path or to make profile usage explicit and configurable.
- The SKILL.md and the script disagree on target URLs (SKILL.md uses /chat; script uses /user/self) and on runtime model (browser action primitives vs Playwright). This inconsistency may be sloppy engineering or an indicator of incomplete/unsafe packaging.
- The script writes screenshots (debug_*.png) to disk; ensure you understand where files will be written.

Recommendations:

- Do not run the included script on your primary account or machine. If you test it, use an isolated VM or throwaway account with no sensitive data.
- Request the maintainer to (a) declare required binaries and an install spec, (b) remove or parameterize any hardcoded filesystem paths, (c) document exactly what data is read/written and whether browser session data is reused, and (d) align SKILL.md and the script (same URLs and runtime model).
- If you cannot get those changes, prefer to use the SKILL.md browser-action approach (which uses the platform's ephemeral browser profile) rather than executing the included Node script that accesses local files.

Like a lobster shell, security has layers — review code before you run it.

