ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

weibo-post

v1.0.0

发微博(新浪微博)。当用户说"发微博"、"发条微博"、"发到微博"、"发一条微博"、"帮我发微博"、"发到微博"时触发。使用浏览器自动发微博。

0· 161·1 current·2 all-time
byZkk@chinazkk

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chinazkk/weibo-post.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "weibo-post" (chinazkk/weibo-post) from ClawHub.
Skill page: https://clawhub.ai/chinazkk/weibo-post
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install weibo-post

ClawHub CLI

Package manager switcher

npx clawhub@latest install weibo-post
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (post to Sina Weibo using a browser) matches the SKILL.md instructions which automate a browser to navigate to weibo.com, type text, and click send. However the skill assumes use of a browser profile (profile="openclaw") that must already be logged into Weibo; this implicit dependency is not declared in the skill metadata.
!
Instruction Scope
Instructions call only browser navigation/snapshot/act actions (appropriate for posting), but they assume snapshots return element refs (e.g., ref=e35/e36) and an existing targetId without describing how targetId is obtained. Step 4 has a probable typo (profile="opencloak" vs "openclaw") which can break execution. The SKILL.md does not describe any authentication flow — it silently depends on an existing authenticated browser session.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill package itself.
!
Credentials
The skill declares no environment variables or credentials, but functionally requires access to the agent's browser profile/session cookies (profile="openclaw") to be logged into Weibo. That implicit requirement can give the skill access to session tokens and the ability to act as the logged-in user; this is not documented in the metadata.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. Autonomous invocation is allowed (default) — which means the agent could post when triggered by the user phrases, but that is expected for this type of skill.
What to consider before installing
This skill automates a browser to post on Weibo and appears to expect an existing logged-in browser profile named "openclaw" (the SKILL.md even contains a typo 'opencloak'). Before installing, consider: 1) Does your agent have a browser profile with Weibo logged in? If so, the skill would act using those session cookies — effectively posting as that account. 2) Test on a throwaway Weibo account first to confirm behavior and element refs. 3) Ask the author to clarify: how targetId is obtained, how authentication is handled, and fix the profile-name typo. 4) If you don’t want automatic posting without explicit confirmation, ensure the agent prompts you to confirm the exact text before clicking send. If you are uncomfortable with an installed skill using an existing browser session to act on your behalf, do not install.

Like a lobster shell, security has layers — review code before you run it.

latestvk971m654zqebdrvdwqdvvpr59583djaf
161downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Zkk@chinazkk
latest
Download

微博发布 Skill

工作流程

  1. 打开微博

    browser(action=navigate, profile="openclaw", url="https://weibo.com")

  2. 等待页面加载,获取快照

    browser(action=snapshot, profile="openclaw", compact=true)

    找到发微博的文本框 ref=e35,以及发送按钮(初始 disabled,填入内容后变为可点击)

  3. 填入微博内容

    browser(action=act, profile="openclaw", targetId=<targetId>, ref="e35", kind="type", text=<微博内容>)

    ⚠️ 内容中换行用 \n,不要用真正的换行符

  4. 重新获取快照,确认发送按钮可用

    browser(action=snapshot, profile="opencloak", compact=true)

    找到发送按钮 ref=e36

  5. 点击发送

    browser(action=act, profile="openclaw", targetId=<targetId>, ref="e36", kind="click")

  6. 验证发送成功

    browser(action=snapshot, profile="openclaw", compact=true)

    看到"刚刚"发布的新微博即表示成功

⚠️ 重要:话题标签格式

必须是 #标签#(前后各一个 #),不是 #标签

✅ 正确:#黄仁勋# #英伟达# #太空数据中心# ❌ 错误:#黄仁勋 #英伟达 #太空数据中心 (少了右边的 #)

注意事项

  • 微博内容支持 emoji、话题标签
  • 不支持 Markdown 格式(粗体等会被当作普通文本发出)
  • 发之前确认内容无误,微博发出后无法编辑删除
  • 如果发送按钮仍为 disabled,再等待一下或重新 snapshot 确认

Comments

Loading comments...