Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Opencli Rs
v1.0.0基于Rust的通用命令行枢纽 - 将任何网站、桌面应用、本地CLI工具转变为命令行接口,专为AI Agent和自动化工作流设计。支持55+网站、Electron应用控制和外部CLI集成,单二进制文件4.7MB,性能提升12倍。
⭐ 0· 323·5 current·6 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims a Rust 'opencli-rs' single binary (4.7MB, zero runtime deps) and links to a nashsu/opencli-rs repo, but the included install.sh and package.json install a Node package (@jackwener/opencli) and the QUICK_GUIDE/README reference other repositories (smallnest, jackwener). Those are mutually inconsistent: a Rust single-binary distribution would not need npm or Node.js >=20 as the install.sh requires. The mixture of multiple upstream project names suggests the package author either bundled/ported multiple projects or mislabeled the origin.
Instruction Scope
SKILL.md and other docs instruct the agent/user to run system-level commands (curl | sh from raw.githubusercontent.com, npm install -g, wget GitHub release archives, cargo build) and to install a Chrome extension and connect to a local daemon. The instructions allow the tool to reuse Chrome login sessions to perform authenticated actions (post/delete/follow/download), and they instruct writing configs under ~/.opencli and adding entries to AGENT.md — behavior that is within an automation skill but broad. The agent is given steps that could execute arbitrary code from remote sources and access browser session state; that scope is larger than a minimal 'command helper' and should be verified by a user.
Install Mechanism
There is no registry install spec in the skill metadata, but the bundled files include an install.sh that runs npm install -g @jackwener/opencli and the SKILL.md also suggests curl | sh against raw.githubusercontent.com and downloading GitHub releases. Using GitHub raw scripts (curl | sh) and npm install of a 'latest' package are normal but carry moderate-to-high risk because they execute code fetched remotely. The presence of multiple conflicting install suggestions (Rust binary release, npm package, build-from-source via cargo) increases confusion and risk.
Credentials
The skill declares no required env vars or credentials, but the runtime instructions explicitly rely on Chrome browser login/session state and a local daemon (localhost:19825). That means the tool can act using the user's logged-in accounts on many sites (Bilibili, Twitter/X, Discord, Xiaohongshu, WeChat public accounts, etc.) — including actions like posting, deleting, following, downloading private content. Requesting no explicit credentials but operating via browser sessions is plausible, however it's a significant privacy/credential surface that users should understand before installing/connecting.
Persistence & Privilege
always is false and the skill does not request system-wide privileges beyond creating ~/.opencli, ~/.opencli/examples, and writing config files — typical for such tools. The skill includes instructions to install npm packages and create config and example scripts in the user's home directory, which is normal for an install script but does persist files on disk. Autonomous invocation is allowed by default (disable-model-invocation: false) — this is platform default and only becomes a bigger concern combined with the other flagged issues (remote installs + browser session use).
What to consider before installing
This package is inconsistent: it advertises a Rust single-binary project but the shipped installer uses npm and references different GitHub repos. Before installing, verify the official upstream repository and the exact installation steps (prefer an official release page). Do not run curl | sh or npm install -g unless you trust the exact repository/maintainer. Understand that the tool expects to reuse your Chrome login/session and can perform authenticated actions on many sites (posting, downloading, following, deleting) — only install in an environment where you are comfortable with that. If you need caution: 1) Inspect the npm package contents (npm pack) or the GitHub release archive before running; 2) run installs in an isolated environment (VM/container) first; 3) avoid connecting browser profiles containing sensitive accounts; 4) prefer an actual Rust binary release (verify checksum/signature) if you want the claimed 'opencli-rs' behavior; 5) confirm which upstream (nashsu, jackwener, smallnest) is authoritative and that the maintainers are reputable.Like a lobster shell, security has layers — review code before you run it.
latestvk9779xbq92c96gdf2wvknhw1tn83jpdx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.