上海律协考核自动视频播放
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill openly automates law-course playback, but it gives a scheduled agent ongoing control of a live Chrome session to enroll in and complete courses on the user’s account.
Before using this skill, make sure you are comfortable letting an automated agent control a logged-in Chrome tab, enroll in courses, and advance training progress on your account. Use a dedicated browser profile, review the course queue, supervise the first run, confirm the notification destination, and delete or disable the cron loop when finished.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistake or unwanted run could enroll in courses or change training-progress records on the user’s law-school account without a fresh confirmation for each action.
The skill instructs the agent to use browser automation to enroll in courses and advance through course completion on an external training platform.
handle course enrollment ("选修并学习"), detect video completion, switch to the next courseUse only with an explicit course list and active supervision; require user approval before enrollment or completion-changing actions, and add domain checks before browser actions.
The agent can act as the user in the selected Chrome tab, including making account-affecting clicks on the training site.
The skill depends on controlling a live Chrome profile/tab, which may include the user’s authenticated session for the training site.
Requires Chrome browser connected via OpenClaw Browser Relay ... **Browser tool**: `profile=chrome`, `targetId` from state file
Run in a dedicated browser profile limited to the training site, verify the target tab before starting, and declare the browser-session dependency clearly.
The agent may continue using the browser session and model quota after setup, and the artifacts do not clearly say how the cron job is stopped or deleted.
The workflow creates a recurring autonomous agent turn every eight minutes for long-running monitoring.
"name": "video-check-loop", "schedule": { "kind": "every", "everyMs": 480000 }, "payload": { "kind": "agentTurn"Add explicit stop/delete-cron instructions, stop automatically when all courses are complete, and give the user a visible way to pause the loop.
Anyone or anything that changes this state file could affect where the browser navigates or where progress notifications are sent.
A persistent state file stores the browser target, course URLs, progress, and notification destination that the cron loop later trusts.
"current_url": "https://lawschool.lawyerpass.com/course/detail?courseId=xxx", "notify_group": "<wecom group space id>", "target_id": "<Chrome targetId from browser snapshot>"
Keep the state file private, validate URLs against lawschool.lawyerpass.com before using them, and avoid storing unnecessary identifiers.
Course titles and completion progress may be shared with the configured notification group.
The skill sends course-title and progress notifications to an external WeCom/OpenClaw message channel.
Use `message` tool on every video complete and every video start: ... `✅ 播完:{title}` ... `▶ 开始:{title}`Confirm the notification group is intended and acceptable for sharing course-progress details before starting.