CNBlogs Publisher

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

The static scan signals reported no suspicious patterns; the artifact-based review below nevertheless records five findings.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who obtains the skill artifacts can read and use the embedded token, and running the included tests authenticates as that account rather than as the installing user.

Why it was flagged

The bundled test script, tests/test_all.sh, embeds a concrete CNBlogs username and access token rather than requiring the user to provide their own credential at runtime.

Skill content
export CNBLOGS_USERNAME="suyang320"
export CNBLOGS_TOKEN="039893...7806A"
Recommendation

Remove the hardcoded token and username immediately, rotate the exposed CNBlogs MetaWeblog token, and require user-provided environment variables for all authenticated actions.

What this means

If a user or agent runs the test script, it could alter an existing CNBlogs article tied to the embedded credentials.

Why it was flagged

The bundled test script performs a real update operation against a fixed post ID, not a dry-run or mock target.

Skill content
python3 scripts/update_draft.py 19718794 test_article.md "OpenClaw,测试,更新"
Recommendation

Replace live-account tests with mocked API tests or require an explicit user-supplied test post ID and confirmation before any mutation.

What this means

An attacker on the network path can present any certificate and read or modify the XML-RPC traffic. Because the MetaWeblog calls carry the username and token as parameters of every request, the token can be captured and post operations altered.

Why it was flagged

The script disables TLS certificate verification for XML-RPC calls that later send the CNBlogs username and token; the same pattern appears in several other scripts.

Skill content
self.context = ssl._create_unverified_context()
Recommendation

Use default verified HTTPS certificate handling and only add custom certificate configuration when strictly necessary and explicitly documented.
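The two findings above (a live mutation in the bundled test and TLS verification switched off before credentials are sent) are illustrated together here with an added example. This is not code from the CNBlogs Publisher skill; it assumes a hypothetical endpoint constant and helper names, and uses the standard MetaWeblog call shape metaWeblog.editPost(postid, username, password, struct, publish). The wrapper keeps certificate verification on, refuses to edit a post unless the caller names the target ID and confirms, and takes an injected XML-RPC proxy so the test runs offline against a recorded fake instead of a real account.

```python
"""Added example (not code from the CNBlogs Publisher skill): an editPost
wrapper that keeps certificate verification on, refuses to mutate a post
without an explicit ID and confirmation, and can be exercised offline via an
injected XML-RPC proxy. DEFAULT_ENDPOINT and all helper names are assumed."""
import ssl
import xmlrpc.client

# Assumed placeholder; a real MetaWeblog endpoint is per blog.
DEFAULT_ENDPOINT = "https://rpc.example.invalid/metaweblog/blog"


class MutationNotConfirmed(RuntimeError):
    """Raised when a write against a live post was not explicitly confirmed."""


def make_tls_context() -> ssl.SSLContext:
    """Hardened setting: the default client context verifies the server
    certificate chain and the hostname."""
    return ssl.create_default_context()


def unverified_context_for_comparison() -> ssl.SSLContext:
    """The weak setting the skill uses, kept only to show what it disables."""
    return ssl._create_unverified_context()


def tls_is_verified(ctx: ssl.SSLContext) -> bool:
    """True only if both hostname and chain checks are on. An unverified
    context has check_hostname=False and verify_mode=CERT_NONE, so any
    MITM certificate is accepted and the credentials in the call leak."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def update_post(post_id, username, token, title, body, *, confirm=False,
                publish=False, endpoint=DEFAULT_ENDPOINT, proxy_factory=None):
    """Call metaWeblog.editPost(postid, username, password, struct, publish).

    The target ID must be supplied explicitly and confirm=True must be passed,
    so a bundled test cannot silently edit a fixed live post. The proxy is
    built by proxy_factory(endpoint, ssl_context) so tests inject a fake."""
    if not isinstance(post_id, int) or post_id <= 0:
        raise ValueError("post_id must be an explicit positive integer")
    if not confirm:
        raise MutationNotConfirmed(f"refusing to edit post {post_id} without confirm=True")
    ctx = make_tls_context()
    if not tls_is_verified(ctx):
        raise RuntimeError("TLS verification is off; not sending credentials")
    if proxy_factory is None:
        proxy_factory = lambda url, c: xmlrpc.client.ServerProxy(url, context=c)
    proxy = proxy_factory(endpoint, ctx)
    struct = {"title": title, "description": body}
    return proxy.metaWeblog.editPost(str(post_id), username, token, struct, publish)


class FakeMetaWeblog:
    """Constructed offline stand-in that records editPost calls instead of
    touching a real account."""

    def __init__(self):
        self.calls = []
        self.metaWeblog = self  # so proxy.metaWeblog.editPost resolves here

    def editPost(self, postid, username, password, struct, publish):
        self.calls.append((postid, username, password, struct, publish))
        return True


def run_mocked_update(post_id=42, confirm=True):
    """Drive update_post against the fake; returns (outcome, recorded calls).
    outcome is 'ok' or the name of the exception raised. post_id 42 is a
    constructed value, not a real post."""
    fake = FakeMetaWeblog()
    try:
        update_post(post_id, "user", "token", "Title", "Body",
                    confirm=confirm, proxy_factory=lambda url, ctx: fake)
        outcome = "ok"
    except (MutationNotConfirmed, ValueError) as exc:
        outcome = type(exc).__name__
    return outcome, fake.calls


if __name__ == "__main__":
    print(run_mocked_update())
    print(run_mocked_update(confirm=False))
```

Passing the context explicitly (`ServerProxy(url, context=ctx)`) is the one place custom certificate handling belongs; if a private CA is genuinely needed, load it into the default context with `load_verify_locations` rather than disabling verification.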

What this means

Users may trust the credential-handling claims and miss that the package actually ships with an embedded token.

Why it was flagged

The documentation claims tokens are not hardcoded, but the provided tests/test_all.sh artifact contains a hardcoded CNBlogs token.

Skill content
使用环境变量存储,不硬编码 (translation: stored in environment variables, not hardcoded)
Recommendation

Correct the documentation and artifacts so they match: remove embedded credentials, document required env vars in metadata, and avoid making unsupported security claims.
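The embedded-credential finding and this documentation mismatch call for the same two pieces: credentials loaded only from the caller's environment, and a check that the shipped artifacts actually contain none. The following is an added example, not the skill's own code; the helper names and both sample scripts are constructed, and the token in the bad sample is fake.

```python
"""Added example (not the skill's own code): fail-closed credential loading
from the caller's environment, plus a check that scans shipped shell test
scripts for CNBlogs credentials exported as literals. Helper names and the
sample scripts are constructed for illustration; the token below is fake."""
import os
import re

REQUIRED_VARS = ("CNBLOGS_USERNAME", "CNBLOGS_TOKEN")


def missing_vars(env):
    """Names of required variables that are absent or empty in env."""
    return [name for name in REQUIRED_VARS if not env.get(name)]


def load_credentials(env=None):
    """Return (username, token) from the environment only; nothing is
    defaulted from the package, so an absent variable is a hard error."""
    env = os.environ if env is None else env
    missing = missing_vars(env)
    if missing:
        raise EnvironmentError("set " + ", ".join(missing) + " before running")
    return env["CNBLOGS_USERNAME"], env["CNBLOGS_TOKEN"]


# `export CNBLOGS_X=<rhs>`; the right-hand side is inspected separately.
EXPORT_RE = re.compile(r"^\s*export\s+(CNBLOGS_[A-Z_]+)=(.*)$", re.MULTILINE)


def hardcoded_exports(script_text):
    """(name, value) pairs for exports whose value is a literal. Exports
    that pass through an existing variable ("$VAR", "${VAR}", "${VAR:?msg}")
    or are empty are not reported."""
    hits = []
    for match in EXPORT_RE.finditer(script_text):
        name, raw = match.group(1), match.group(2).strip()
        value = raw.strip("\"'")
        if value == "" or value.startswith("$"):
            continue
        hits.append((name, value))
    return hits


# Constructed sample in the shape of the flagged tests/test_all.sh pattern.
SAMPLE_BAD = """#!/bin/bash
export CNBLOGS_USERNAME="alice"
export CNBLOGS_TOKEN="0123456789ABCDEF"
python3 scripts/update_draft.py 42 test_article.md "tag1,tag2"
"""

# Constructed fixed version: the script only re-exports what the user set,
# and the test post ID must also come from the user.
SAMPLE_OK = """#!/bin/bash
: "${CNBLOGS_USERNAME:?set CNBLOGS_USERNAME}"
: "${CNBLOGS_TOKEN:?set CNBLOGS_TOKEN}"
export CNBLOGS_USERNAME="${CNBLOGS_USERNAME}"
export CNBLOGS_TOKEN="$CNBLOGS_TOKEN"
python3 scripts/update_draft.py "${TEST_POST_ID:?set TEST_POST_ID}" test_article.md "tag1,tag2"
"""


def docs_match_artifacts(doc_claims_no_hardcoding, artifact_texts):
    """The consistency check behind the documentation finding: a 'not
    hardcoded' claim holds only if no shipped artifact exports a literal
    credential."""
    found = any(hardcoded_exports(text) for text in artifact_texts)
    return not (doc_claims_no_hardcoding and found)


if __name__ == "__main__":
    print(hardcoded_exports(SAMPLE_BAD))
    print(hardcoded_exports(SAMPLE_OK))
    print(docs_match_artifacts(True, [SAMPLE_BAD]), docs_match_artifacts(True, [SAMPLE_OK]))
```

Running `hardcoded_exports` over every shell file in the package before publishing is the cheap check that would have caught the mismatch between the documentation claim and tests/test_all.sh.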

What this means

The agent has documented permission to run pip3 commands even though no dependency installation is shown.

Why it was flagged

Python execution is expected for this script-based skill, but pip3 access is broader than the provided standard-library implementation appears to require.

Skill content
allowed-tools: Bash(python3:*), Bash(pip3:*)
Recommendation

Limit allowed tools to the commands needed for normal use, ideally Bash(python3:*) only, unless package installation is truly required.