Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

餐厅推荐交叉验证 (Restaurant Recommendation Cross-Validation)

v1.0.0

Cross-reference restaurant recommendations from Xiaohongshu (小红书) and Dianping (大众点评) to validate restaurant quality and consistency. Use when querying restaurant recommendations by geographic location (city/district) to get validated insights from both platforms. Automatically fetches ratings, review counts, and analyzes consistency across platforms to provide trustworthy recommendations with confidence scores.

2 · 1.1k · 2 current · 3 all-time
by leon@liyang2016
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious (View report →)
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and documentation match the stated purpose: fetching data from Dianping and Xiaohongshu, fuzzy-matching restaurants, and computing consistency/recommendation scores. Libraries (requests, bs4, thefuzz, Playwright) and matching/sentiment logic are appropriate to that goal.
Instruction Scope
SKILL.md and IMPLEMENTATION.md explicitly instruct the agent to perform web scraping, use persistent authenticated browser sessions, rotate proxies, and store cookies/sessions locally. This goes beyond a simple read-only lookup: it instructs actions that can log in as a user (cookies), maintain persistent authenticated sessions, and mimic human browsing (Playwright). Those instructions also push the operator toward anti-scraping workarounds (residential proxies, user-agent rotation), which raises legal/compliance and operational risk.
Install Mechanism
No formal registry install spec in the skill meta, but repository includes setup.sh that installs Python deps and downloads Playwright browsers. Installing Playwright and pip packages is standard for such tooling, but setup.sh should be reviewed before running. There are no obscure external download URLs in the provided files, but Playwright will download browser binaries from upstream.
Credentials
The skill declares no required env vars, but it persistently stores authenticated sessions (cookies/localStorage) under a sessions/ directory and expects proxies (proxy_list) to be configured. That is proportional to scraping functionality, but it creates a risk: sensitive session cookies or proxy credentials may be stored in plain files (scripts/config.py or sessions/) and could be accidentally committed/published. The skill's docs even guide publishing; there are no explicit safeguards (e.g., .gitignore) shown to prevent leaking session data or credentials.
Persistence & Privilege
The skill includes a session manager that persists login state and claims to auto-login and maintain sessions for 1–2 weeks. Although the skill meta sets always: false, the agent can still invoke the skill autonomously; combined with persistent authenticated sessions, this means the skill can make authenticated requests on behalf of the user without any re-authentication step. This increases the blast radius if credentials or session files are leaked, or if the skill is misused.
What to consider before installing
What to consider before installing or running this skill:
- Legal/ToS: Both Dianping and Xiaohongshu explicitly prohibit scraping in their docs; using the 'real' scraping mode may violate platform terms and local law. Only use it for personal research and accept the legal risk.
- Session cookies: The skill saves browser sessions/cookies locally (sessions/ and session_state.json). Do NOT run setup.sh or log in on shared/cloud machines. Before publishing or sharing the repo, ensure sessions/ and any files containing credentials are removed and added to .gitignore.
- Do not store secrets in scripts/config.py: If you must use proxies with authentication, avoid writing credentials into repository files; prefer environment variables or a secure secret store, and do not publish them.
- Review setup/install scripts: Inspect setup.sh and any install steps before running. They install Python packages and download Playwright browsers (normal), but running them grants the code filesystem and network access on your machine.
- Use mock/server-only mode on servers: The repo includes a simulated/mock-data (server) version; use that on headless or shared servers to avoid login/cookie persistence.
- Audit network destinations: The docs recommend residential proxy providers; review any third-party service terms and avoid sending credentials or session files to unfamiliar hosts.
- Reduce blast radius: Run the skill in an isolated VM or local machine, not on production or shared servers. If you plan to publish, remove any sessions/ and credentials first.
If you want, I can: (1) point out exact filenames that store sessions and should be excluded, (2) scan setup.sh for any unsafe commands, or (3) suggest minimal code changes (e.g., a .gitignore entry and switching config to read proxy credentials from env vars) to reduce risk.
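The session-file and proxy-credential advice above can be turned into a mechanical pre-publish check. The script below is an added example written for this listing; it is not code from the skill or from ClawHub. It uses the filenames the scan report names (sessions/, session_state.json, scripts/config.py), but the environment variable names PROXY_USER and PROXY_PASS, the sample config text, and the demo repository it builds in a temporary directory are assumptions for illustration only.

```python
"""Pre-publish checks for a scraping skill that persists browser sessions
and uses authenticated proxies.

Added example; not part of the skill. Paths follow the scan report; the
env-var names and the constructed demo repo below are assumptions.
"""
import re
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Optional
from urllib.parse import quote

# Files/directories the scan report identifies as holding session state.
SENSITIVE_PATHS = ["sessions/", "session_state.json"]

# A proxy URL with inline credentials: scheme://user:pass@host:port
_CRED_IN_URL = re.compile(r"^[a-z0-9+.-]+://[^/@\s]+:[^/@\s]+@", re.I)


def find_embedded_proxy_credentials(config_text: str) -> List[str]:
    """Return every quoted string in a config body that is a proxy URL
    carrying user:pass inline (the pattern the report warns against)."""
    hits = []
    for m in re.finditer(r"""["']([^"']+)["']""", config_text):
        if _CRED_IN_URL.match(m.group(1)):
            hits.append(m.group(1))
    return hits


def build_proxy_from_env(host_port: str, env: Dict[str, str]) -> Optional[str]:
    """Assemble a proxy URL from credentials held in the environment
    (assumed names PROXY_USER / PROXY_PASS) instead of the repo.
    Returns None when either value is missing so callers fail closed."""
    user, pwd = env.get("PROXY_USER"), env.get("PROXY_PASS")
    if not user or not pwd:
        return None
    # Percent-encode so '@', ':' or '/' in a password cannot corrupt the URL.
    return f"http://{quote(user, safe='')}:{quote(pwd, safe='')}@{host_port}"


def gitignore_covers(gitignore_text: str, paths: Iterable[str]) -> Dict[str, bool]:
    """Check, by exact entry match, that each path has a .gitignore line.
    Deliberately simple: it does not evaluate glob patterns."""
    patterns = [ln.strip() for ln in gitignore_text.splitlines()
                if ln.strip() and not ln.lstrip().startswith("#")]
    result = {}
    for p in paths:
        norm = p.rstrip("/")
        result[p] = any(pat.rstrip("/") in (norm, "/" + norm) for pat in patterns)
    return result


def publish_check(repo: Path) -> List[str]:
    """Return the problems that must be fixed before the repo is shared."""
    problems = []
    for rel in SENSITIVE_PATHS:
        if (repo / rel).exists():
            problems.append(f"{rel} is present; delete it before publishing")
    gi = repo / ".gitignore"
    covered = gitignore_covers(gi.read_text() if gi.exists() else "", SENSITIVE_PATHS)
    for rel, ok in covered.items():
        if not ok:
            problems.append(f"{rel} is not listed in .gitignore")
    cfg = repo / "scripts" / "config.py"
    if cfg.exists():
        for url in find_embedded_proxy_credentials(cfg.read_text()):
            problems.append(f"scripts/config.py embeds proxy credentials: {url}")
    return problems


def demo_problems() -> List[str]:
    """Build a constructed repo layout (not the real skill) in a temp dir:
    a leftover sessions/ directory, a .gitignore that only covers
    session_state.json, and a config.py with one credentialed proxy URL."""
    with tempfile.TemporaryDirectory() as d:
        repo = Path(d)
        (repo / "sessions").mkdir()
        (repo / ".gitignore").write_text("# local state\nsession_state.json\n")
        (repo / "scripts").mkdir()
        (repo / "scripts" / "config.py").write_text(
            'PROXY_LIST = ["http://alice:s3cret@proxy.example:8080",\n'
            '              "http://proxy2.example:8080"]\n')
        return publish_check(repo)


if __name__ == "__main__":
    for line in demo_problems():
        print("FAIL:", line)
```

Run it from the repository root with publish_check(Path(".")) before a commit or a ClawHub upload; a non-empty result should block the publish. The proxy URL should then be assembled at runtime with build_proxy_from_env and never written back to disk.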

Like a lobster shell, security has layers — review code before you run it.

Tags: china, chinese, dianping, food, latest, recommendation, restaurant, xiaohongshu
