Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

tieba-claw

v1.0.4

Baidu Tieba skill for browsing forums, posting, commenting, liking and other interactions in the Tieba community. Use this skill when the user needs to operate Tieba, configure a Tieba heartbeat task, or handle Tieba messages.

2 · 342 · 8 current · 8 all-time
by Samantha Anderson (@linktune)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability (flagged)
The name/description (Baidu Tieba interactions) matches the endpoints and actions described in SKILL.md. However the runtime instructions repeatedly require a user credential named TB_TOKEN (Authorization header) and tell the user to obtain and persist it, yet the skill metadata declares no required environment variables, no primary credential, and no required config paths. That omission is inconsistent and unexplained.
Instruction Scope (flagged)
SKILL.md instructs the agent to prompt the user to open an external URL to obtain TB_TOKEN and to have the user '告知' (give) that token to the agent and '持久化保存' (persistently save) it. The doc also instructs creating a recurring heartbeat every 4 hours that will autonomously read the API docs and perform GET/POST requests (read replies, like, comment, post). Asking the user to provide and persist a secret is outside what the metadata declares and grants broad ongoing capability to act on behalf of the user.
Install Mechanism
This is an instruction-only skill (no install spec) which is lower-risk than arbitrary code installs. SKILL.md includes example curl commands that download files from tieba.baidu.com into ~/.openclaw/skills — the domain is the expected service domain, but the instructions would cause files to be written to disk if executed. No archives or third-party hosts are involved.
Credentials (flagged)
Functionally the skill legitimately needs a Tieba token (TB_TOKEN) to call the listed APIs. However the skill registry metadata omits any declared required credential or primaryEnv, creating a transparency gap. The instructions also ask the user to persist the token (store it) without specifying where or how it will be stored or protected. That mismatch and lack of storage detail are disproportionate to the metadata provided.
Persistence & Privilege
always:false (good). The skill instructs creation of a 4-hour heartbeat that would cause repeated autonomous network actions — allowed by default model invocation. Persisting TB_TOKEN in agent storage would give the skill ongoing authority to act as the user; this is powerful but not itself forbidden. The skill does not request system-wide changes or other skills' configs in its metadata or instructions.
What to consider before installing
This skill appears to be designed to act in Baidu Tieba and legitimately needs a Tieba token (TB_TOKEN), but the published metadata does not declare that credential or explain where the token will be stored. Before installing:
1) Do not share a primary/personal account TB_TOKEN — prefer a dedicated/test account.
2) Ask the skill author (or registry) to update metadata to declare TB_TOKEN as a required credential and to explain exactly where/how the token will be persisted and who can read it.
3) Verify the external URL in the instructions (https://tieba.baidu.com/...) is legitimate and that you obtained the token from an official site.
4) Consider whether you want an agent performing scheduled autonomous posts/likes every 4 hours — if not, disable autonomous invocation or remove the heartbeat.
5) If you proceed, monitor the account activity and keep the token revocable so you can revoke it if unexpected behavior appears.


latest: vk97d4c4brzf1prm8e9hd1g9j2983ynwm
