Debunk(事实核查)
v1.4.0事实核查与辟谣工具。当用户提供链接/图片/视频/文字要求事实核查时触发。覆盖两类场景:自查信息真伪,或核查别人分享的内容并生成回复。
⭐ 0· 93·0 current·0 all-time
byTino Chen@tino-chen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (fact‑checking) align with what the skill does: extracting text from URLs/screenshots/videos and searching authoritative sources. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md is specific about workflows (web_search, web_fetch, optional MCPs, Playwright fallback). It prescribes extracting verifiable claims and strict output formatting. Minor note: it instructs executing a local Node/Playwright script against user‑provided URLs — expected for handling anti‑scraping pages but implies the agent will load arbitrary remote pages supplied by users.
Install Mechanism
There is no opaque external install URL; package.json only pulls Playwright (a known npm package) and SKILL.md instructs running `npx playwright install chromium`. The included fetch script uses Playwright and standard APIs; no downloads from untrusted personal servers are present.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The included script does not read secrets or env vars. The network access it needs (fetching user-provided webpages) is coherent with fact‑checking.
Persistence & Privilege
always is false and the skill does not request persistent/privileged agent presence or modify other skills. It requires installing Playwright/Chromium locally to run the helper script, which is normal for this functionality.
Assessment
This skill appears to be what it says: a fact‑checking assistant that fetches pages (including WeChat articles) and uses search/fetch to verify claims. Before installing: (1) be prepared to install Playwright/Chromium (large download, runs headless browser processes); (2) review and run the included fetch script in an isolated environment if you have security concerns — it blocks private/internal hostnames but will load arbitrary remote URLs provided by users; (3) if you handle sensitive data, avoid feeding private links or credentials to the skill; (4) enable/confirm OpenClaw's network policies or sandboxing for running headless browsers; (5) optionally inspect the repository yourself or run the skill in a VM/container before trusting it in production.Like a lobster shell, security has layers — review code before you run it.
latestvk97a7xd9qx8z2kwjgmhqpagtp9849e0g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.