Hetu Lyrics Blessing
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s lyric-reminder purpose is understandable, but the included script contains hard-coded QQ email credentials and a fixed recipient, and it can be scheduled to keep sending messages.
Do not run or schedule this skill as-is. Remove the hard-coded QQ email account, auth code, and recipient; rotate the exposed credential; configure your own SMTP details securely; and only then consider adding the cron job.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who runs the script without editing it could send email from someone else’s configured QQ mailbox to a predetermined recipient, and the exposed credential may already be compromised.
The script contains a hard-coded SMTP account, auth code/password, and recipient. Running it as shipped logs into that account and sends email to the fixed address, while the registry metadata declares no credentials.
```python
SMTP_EMAIL = "853375443@qq.com"
SMTP_PASSWORD = "nzhgbgilzgmabeih"
TO_EMAIL = "836633245@qq.com"
```
Remove hard-coded secrets and recipients, rotate the exposed SMTP auth code, require credentials through environment variables or a credential manager, and fail safely if the user has not configured their own sender and recipient.
Users may believe the script cannot send email until they configure it, but the shipped file can already send outbound email as-is.
The instructions frame the email settings as user-supplied placeholders, but the included script already contains concrete account and recipient values, which can mislead users about the default behavior.
Edit `send_lyrics.py`:
```python
SMTP_EMAIL = "your_email@qq.com"
SMTP_PASSWORD = "your_auth_code"
TO_EMAIL = "recipient@email.com"
```
Make the documentation match the code, ship only placeholders or environment-variable lookups, and clearly disclose all required credentials and outbound recipients.
If installed, the script can run every night and send email automatically, including with any default values left in the file.
The skill asks the user to create a persistent daily cron job. Scheduled execution is central to the stated daily-reminder purpose, but it will continue running until removed.
```sh
crontab -l | { cat; echo "0 23 * * * /path/to/send_lyrics.py >> /path/to/log.txt 2>&1"; } | crontab -
```
Only add the cron job after reviewing and configuring the script, and document how to remove or disable the scheduled task.
Installing unpinned global tools can change the local environment and depends on the integrity of the package being fetched at install time.
The setup uses a global, unpinned external browser automation package and installs browser dependencies. This is related to the stated Baidu Baike fetching behavior, but users should verify the package source and version.
```sh
npm install -g agent-browser
agent-browser install --with-deps
```
Pin package versions where possible, install from trusted sources, and avoid global installation unless necessary.
The skill will launch browser automation commands on the user’s machine when the script runs.
The script executes local shell commands to control agent-browser and read page text. The commands are fixed and purpose-aligned, but this is still local command execution users should notice.
```python
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
...
cmd = 'agent-browser eval "document.body.innerText"'
```
Keep command arguments fixed or safely quoted, avoid shell=True where practical, and run only after installing a trusted agent-browser binary.
