Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LinkMind Capture

v0.3.0

Capture social media links (Weibo, Xiaohongshu, WeChat, Xiaoyuzhou) — extract text, images, and metadata, then generate a Markdown note with AI deep summary,...

by tt_bltn @tt-bltn
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included scripts: the repo contains scrapers, image downloader, subtitle/transcription logic, and Obsidian note templating — all coherent with the stated purpose. However the skill metadata only declares node as a required binary while the code actually expects/uses additional system binaries (Chrome with remote debugging, ffmpeg/ffprobe, yt-dlp) and expects to run 'npx tsx' which may fetch tooling at runtime. The skill also uses Chrome DevTools Protocol to launch and control Chrome — reasonable for scraping but not declared in metadata.
!
Instruction Scope
Runtime instructions ask the agent to read skills/linkmind/config.json and optionally skills/linkmind/.env (documented), create files under the user's Obsidian vault, and run scripts that will: launch a local Chrome instance with remote-debugging, follow redirects, download images, call external APIs (iFlytek, OpenAI, platform APIs), run curl to /tmp, and run system commands (ffmpeg/ffprobe). The code also loads a home-level ~/.linkmind/.env silently; that expands the set of environment files read beyond the documented project .env. These actions are within the goal of web capture, but the implicit reading of home .env and launching of Chrome with remote debugging are scope-expanding behaviors you should expect and review.
Install Mechanism
No install spec is provided (instruction-only), but many TypeScript scripts and a package.json/package-lock are present. The SKILL.md instructs use of 'npx tsx ...' which will fetch tooling from npm if not installed — meaning network downloads at runtime. Package-lock entries reference a mirror (npmmirror) rather than only official GitHub releases; there are no downloads from arbitrary URLs or extract steps, but the implicit npx/npm network fetch is a runtime install concern.
!
Credentials
The skill declares no required env vars but the code supports/reads many sensitive values: cookies for multiple platforms and ASR credentials (iFlytek and OpenAI). The interactive setup writes a skills/linkmind/.env file containing those secrets, and the loader will also read ~/.linkmind/.env (home-level) as a source of credentials. Reading a home-level .env is not highlighted in SKILL.md and increases the set of potentially-exposed secrets. That said, all requested credentials are related to the stated functionality (accessing gated posts, ASR).
Persistence & Privilege
The skill does not request always:true and does not modify other skills. Its setup writes its own config.json and .env inside the skill folder and writes notes into the user's Obsidian vault (expected for its purpose). There is nothing that force-injects the skill into every agent run.
What to consider before installing
This skill largely does what it claims — scraping social posts, optionally transcribing audio, downloading images and writing a Markdown note into your Obsidian vault. Before installing:
1) Review and be comfortable storing cookies/API keys in skills/linkmind/.env (these grant access to your accounts); prefer providing minimal-scoped tokens and avoid storing long-lived secrets if possible.
2) Expect the skill to read ~/.linkmind/.env (home-level) — either move or inspect that file so unrelated secrets aren't accidentally used.
3) The code launches a local Chrome (remote-debugging) and uses ffmpeg/ffprobe and yt-dlp for transcript work; these binaries must be present though not declared in the skill metadata.
4) Running commands via 'npx tsx' may fetch tooling from npm at runtime — if you want to avoid runtime network installs, install dependencies locally first.
5) If you don't trust the source, run the scripts in an isolated environment (VM/container) and inspect or replace any stored .env values.
If you need help checking which secrets will be read/written or want a trimmed-down version that avoids cookies/ASR, consider requesting that from the author or running a manual audit.
scripts/chrome-cdp.ts:206
Shell command execution detected (child_process).
scripts/extract-transcript.ts:115
Shell command execution detected (child_process).
scripts/test-transcript.ts:205
Shell command execution detected (child_process).
scripts/test-wechat.ts:365
Shell command execution detected (child_process).
scripts/test-weibo.ts:228
Shell command execution detected (child_process).
scripts/test-xiaohongshu.ts:259
Shell command execution detected (child_process).
scripts/test-xiaoyuzhou.ts:160
Shell command execution detected (child_process).
scripts/wechat.ts:358
Dynamic code execution detected.
scripts/chrome-cdp.ts:27
Environment variable access combined with network send.
!
scripts/extract-transcript.ts:10
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

latest: vk972dzr1jxmq7e5d19whqgpgb58460k7

Runtime requirements

Bins: node
Config: obsidian_vault