Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
照妖镜 Magic Mirror
v1.0.0
Scan your user's social media profiles to generate a brutally honest "Mirror Report" — revealing the gap between who they think they are and who the data say...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
Name/description align with runtime instructions: the SKILL.md contains detailed per-platform scraping submodules (Bilibili, Douban, Douyin, Weibo, Xiaohongshu) and uses a browser automation plugin (ManoBrowser) to access logged-in data. The requested capabilities (DOM/API scraping, use of browser cookies) are coherent with producing the advertised cross-platform 'Mirror Report'.
Instruction Scope
The SKILL.md instructs the agent to auto-detect and, if missing, automatically install the ManoBrowser skill (git clone / curl+unzip). It also tells the agent to read other skills' SKILL.md files and local config files (e.g., .mcp.json, config/mcporter.json) and to use chrome_* MCP tools to execute JS in the user's browser that runs fetch(..., {credentials: 'include'}) and scrapes DOM. Reading/writing these local files and executing JS in a browser context with credentials is more invasive than a simple API integration and should be done only with explicit user consent. The doc also insists scripts be copied and executed verbatim, which increases the chance that downloaded code will be run unchanged.
Install Mechanism
There is no declared install spec, but the runtime instructions include explicit installation steps that perform git clone or curl from GitHub into a local ./manobrowser directory (or /tmp and move). Downloading code at runtime and writing it into the agent's skills directory is an install action embedded in the instructions; although the URL is a GitHub repo (better than an untrusted IP or pastebin), automatic, silent cloning without asking the user reduces transparency and increases risk if the upstream repo changes or is malicious.
Credentials
The skill declares no required env vars, which matches metadata, but the instructions rely on and access sensitive local state: browser session cookies via fetch({credentials:'include'}), local skill files (manobrowser/SKILL.md and other skills), and configuration files (.mcp.json, config/mcporter.json). Accessing logged-in browser sessions and other local skill/config files is necessary for the scraping goal but is high-sensitivity and should be explicitly declared and consented to; reading other skills' SKILL.md may expose information about the local environment.
Persistence & Privilege
The skill is not marked always:true. It can be invoked autonomously by default (disable-model-invocation is false), which is the platform default and not by itself a disqualifier. The SKILL.md directs the agent to save raw data locally (mirror-reports/{date}_raw_data.json), which is expected for this use case but is persistent sensitive data the user should be aware of and able to delete. The skill also instructs auto-install of ManoBrowser into local skills directories (persistent file writes).
What to consider before installing
This skill will actively scrape your logged-in social accounts by running JS in your browser (using cookies/sessions) and may auto-download and install a required ManoBrowser skill from GitHub without asking. Before installing or running it:
1) Confirm you explicitly consent to scanning your logged-in accounts and saving raw scraped data locally.
2) Inspect the ManoBrowser repo it will clone (https://github.com/ClawCap/ManoBrowser) — don't rely on automatic installs without review.
3) Be aware the instructions direct the agent to read local skill files and config files (.mcp.json, config/mcporter.json) — if you don't want that, don't install/run.
4) Prefer manual installation: clone repos yourself, review SKILL.md and the JS scripts that will run in your browser, and run within a disposable or logged-out browser profile if you want to limit exposure.
5) If you proceed, disable autonomous invocation (require user invocation) or require explicit consent prompts, and delete mirror-reports/ after use if you do not want persistent local copies.

Like a lobster shell, security has layers — review code before you run it.
latest · vk971xexvmbmn2c6dq3ds4jn48d84cgd1
