v0.3.0

LinkMind Capture

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:01 AM.

Analysis

LinkMind mostly matches its stated purpose, but it uses account cookies/API keys, uploads media for transcription, and contains an eval-based extractor that should be reviewed before installation.

Guidance: Before installing, review the WeChat extractor’s eval usage, confirm you are comfortable storing cookies/API keys in the skill’s .env file, and only enable ASR if sending media to the configured transcription provider is acceptable.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Medium | Confidence: Medium | Status: Concern
scripts/wechat.ts
try { return String(eval(name) ?? ''); } catch { return ''; }

A runtime extractor uses eval. The artifacts do not show why dynamic evaluation is required or how the evaluated expression is strictly constrained, making this an unnecessary code-execution risk in a link-capture workflow.

User impact: A crafted or unexpected page-parsing input could cause the extractor to execute expressions rather than only read content.
Recommendation: Review this handler before installing; prefer a version that replaces eval with safe property lookup or explicit parsing.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
allowed-tools: Shell, Read, Write, Glob, Grep ... npx tsx skills/linkmind/scripts/weibo.ts "<URL>" --config skills/linkmind/config.json

The skill asks the agent to run shell-based handler scripts and write into the configured Obsidian vault. This is central to the capture workflow, but it grants broad local execution and file-write capability.

User impact: The skill can run local commands and create files in the configured vault when you ask it to capture a link.
Recommendation: Use it only with links you intend to capture, keep the vault path correct, and review command output/errors before relying on generated notes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
scripts/config.ts
config.cookies.weibo = envString("LINKMIND_WEIBO_COOKIE") ?? config.cookies.weibo; ... config.cookies.xiaohongshu = envString("LINKMIND_XHS_COOKIE")

The skill can use platform cookies and ASR API keys from environment/.env configuration. This is purpose-aligned for capturing logged-in content and transcription, but cookies are sensitive session credentials.

User impact: Anyone with access to the configured .env file may be able to reuse social-media session cookies or API keys.
Recommendation: Only configure cookies if needed, keep the .env file private, use a separate low-privilege account if possible, and rotate cookies/API keys if the skill directory is shared.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
scripts/extract-transcript.ts
const LFASR_UPLOAD_URL = "https://raasr.xfyun.cn/v2/api/upload"; ... fetch(`${baseUrl}/audio/transcriptions`, { method: "POST", headers: { Authorization: `Bearer ${apiKey}` }, body: form })

When ASR is enabled, downloaded media/audio is uploaded to external transcription providers. This matches the transcription feature, but it is a sensitive data flow.

User impact: Audio or video content from captured posts may be sent to iFlytek or OpenAI-compatible providers for transcription.
Recommendation: Enable ASR only for content you are comfortable sending to the selected provider, and verify any custom OpenAI-compatible base URL before use.