Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Game Sentiment Monitor
v1.1.1 · Automated game sentiment monitoring skill for mobile/PC games. Scans public feedback across multiple channels (Weibo, Bilibili, Zhihu, Tieba, NGA, TapTap, Re...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (game sentiment monitoring) aligns with the actions described (web probes, Playwright scraping, YouTube API, report generation). However the declared metadata lists no required config paths or credentials, while SKILL.md repeatedly references and attempts to read/write .credentials/accounts.json and workspace config files — a mismatch between declared requirements and actual instructions.
Instruction Scope
The SKILL.md mandates runtime actions that include reading local files (.credentials/accounts.json, {WORKSPACE}/game-sentiment-data/.../config.json), executing platform tools (mcporter calls, web_search, Playwright browser navigation/evaluate), logging in with NGA credentials, and performing CAPTCHA handling via screenshot + 'AI recognition'. It also instructs the agent to store user-supplied credentials. These steps go beyond harmless 'search-and-report' scope by accessing and persisting local secrets and by instructing potentially invasive scraping/login automation. The instructions are prescriptive and force the agent to run healthchecks (cannot be skipped), increasing the chance the agent will access sensitive files.
Install Mechanism
The skill is instruction-only (no install spec), which is low-risk, but SKILL.md instructs runtime installation via 'mcporter add playwright' if Playwright is missing. This is not a packaged install in the skill metadata — it delegates installation to the agent at runtime, which may install software on the host. That behavior is plausible for scraping but is worth noting because it effectively triggers an install step outside the registry-install workflow.
Credentials
Requested credentials (YouTube API key, NGA username/password) are relevant to the stated channels, so requiring them is explainable. But the skill also instructs reading/writing a local .credentials/accounts.json file (which may contain unrelated secrets) and promises to 'store' credentials without describing encryption, access controls, or isolation. The metadata declared no required env vars/config paths, so the skill is asking the agent to access local credential storage that was not declared up-front — disproportionate and potentially risky.
Persistence & Privilege
always:false and normal autonomous invocation are fine. The skill instructs persisting config and credentials into workspace/.credentials, i.e., it will create or modify files in the agent workspace. It does not request system-wide privileges or alter other skills, but persisting user credentials without explicit secure storage increases long-term risk if the workspace is shared or backups are created.
What to consider before installing
This skill appears to do what it says (scrape and analyze game feedback), but it will read and write local credential/config files and may install Playwright at runtime. Before installing or running it:
1) Do not supply high-value credentials (e.g., primary Google account keys, production passwords); prefer limited-scope API keys and throwaway/test accounts.
2) Inspect or create the target .credentials/accounts.json and workspace config paths yourself; do not let the skill write secrets without encryption.
3) Ask the skill author how credentials are stored (encryption, ACLs) and where CAPTCHA screenshots are sent for 'AI recognition'.
4) If possible, run the skill in a sandbox/test workspace or isolated environment where any stored credentials and installed packages are safe to delete.
5) Consider manual credential entry at runtime and remove stored credentials after use.
These precautions reduce the risk from the skill's file access and credential-storage behavior.
