Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Know Your Owner
v2.5.0
Collect user data from logged-in social platforms (Douyin, Xiaohongshu, Weibo, Douban, Bilibili), cross-analyze to build a precise personal profile, and auto...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description (collect social data and build a profile) align with the actual actions: per-platform scraping, XHR interception, DOM/API extraction and analysis. Requiring a browser automation tool (ManoBrowser) is coherent for web scraping. However the SKILL.md directs auto-download/installation of ManoBrowser at runtime and inspects local skill/config directories (e.g., ~/.openclaw/skills, .mcp.json) even though the skill metadata declared no config paths or installation steps — this is an undocumented capability that users should be aware of.
Instruction Scope
The instructions explicitly tell the agent to access logged-in browser state (cookies via fetch with credentials:'include'), read page-global JS objects (e.g., window.$CONFIG.user), inject XHR interceptors, scroll and extract large amounts of personal data (posts, favorites, follow lists, ratings), and write USER.md and MEMORY.md. It also instructs the agent to proactively announce the skill to the user immediately after install. The scraping targets are highly sensitive (aggregated cross-platform personal activity). The instructions give broad runtime discretion (explore arbitrary pages in 'general mode') which increases the risk of unintended data collection.
Install Mechanism
There is no declared install spec, but the runtime instructions instruct the agent to download ManoBrowser from GitHub (git clone or curl+unzip) and place it in the current working directory. Instructing a runtime download+extract from an external repo (even GitHub) is higher risk than an instruction-only skill that doesn't write new code to disk; this behavior is not reflected in the skill's declared registry metadata. The repo URL is explicit (github.com/ClawCap/ManoBrowser) rather than an obfuscated host, but automatic fetching and potential execution of third‑party code increases attack surface and deserves manual review.
Credentials
The skill metadata lists no required environment variables or config paths, yet the SKILL.md reads and expects local config files (e.g., .mcp.json, config/mcporter.json) and requires access to the user's browser session via ManoBrowser (which will rely on browser cookies/extension API keys). It will ask the user to install a browser extension and to provide an API key for ManoBrowser configuration. Collecting cross‑platform logged‑in data is intrinsically high-sensitivity; the skill does not declare these access needs in metadata, so the requested access is disproportionate to what the package manifest advertised.
Persistence & Privilege
The skill does not set always:true, and model invocation is allowed (normal). However the instructions request writing a local copy of ManoBrowser (git clone / unzip into ./manobrowser) and storing raw scraped data locally (USER.md, MEMORY.md). Combined with the ability to access any site the user is logged into via the browser automation, this grants the skill broad ongoing access to personal accounts when executed. The skill also instructs an immediate, unsolicited introduction message upon install, which is surprising behavior that should be communicated to users.
What to consider before installing
This skill will actively scrape any social sites you have logged into in the browser and aggregate that data into USER.md and MEMORY.md. Before installing:
1) Understand that it will try to auto-download and install a browser-automation tool (ManoBrowser) into your working directory. Review that repository (https://github.com/ClawCap/ManoBrowser) yourself before allowing any automatic installs.
2) Expect the skill to ask you to configure a browser extension / MCP key so it can drive your browser; treat that like granting access to your logged-in sessions (cookies and pages).
3) The SKILL.md references local config files and will read browser pages and inject JS (including XHR interception). Do not run this unless you are comfortable with comprehensive data collection from your accounts.
4) If you want to proceed, consider: (a) running it only in an isolated VM or throwaway profile, (b) manually installing and auditing ManoBrowser and its extension code first, and (c) reviewing/locking where USER.md and MEMORY.md are written so sensitive data is stored securely or not persisted at all.
5) If you do not want aggregated cross-platform profiling or automatic post-install announcements, do not install the skill, or request that it be modified to require explicit, interactive consent for each step.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97edey94wcp5ad60pcb7pq81x83xwmh
