Weibo Content Saving

Review

Audited by ClawScan on May 12, 2026.

Overview

This Weibo-saving workflow is mostly purpose-aligned, but it needs review because it tells the agent to bypass a network safety block to fetch images and can use browser and cloud-service credentials.

Review the SSRF-bypass image-fetching step before installing. If you use the skill, keep it limited to a dedicated browser profile and a specific Obsidian folder, leave Feishu/Notion credentials blank unless needed, and avoid saving sensitive or private Weibo links through external fallbacks.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may bypass network protections that are meant to stop unsafe requests, even if the intended target is Weibo images.

Why it was flagged

The skill explicitly says a direct download is blocked by an SSRF policy and then instructs the agent to use browser evaluation as a workaround to fetch the blocked image content.

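Skill content

The Sinaimg domain resolves to the private-network IP `198.18.x.x` and is blocked by the SSRF policy, so it cannot be downloaded directly. ... Use the browser's `evaluate` to send a request from within the page and obtain the image blob

Recommendation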

Do not bypass SSRF or private-network protections; use an approved allowlisted downloader for known Sinaimg domains, or require explicit user approval and fail safely when blocked.

What this means

If configured, the agent can act through your browser session and create/upload content in the connected Notion workspace.

Why it was flagged

The workflow can use a browser profile and optional Notion credentials, which may carry logged-in session or API authority.

Skill content

`{{NOTION_API_KEY}}` | Notion API Key path... `{{BROWSER_PROFILE}}` | Browser profile, `openclaw` recommended

Recommendation

Use a dedicated browser profile, grant least-privilege Notion/Feishu access limited to the intended database or table, and leave optional credentials blank if you do not need cloud sync.

What this means

A Weibo link you ask the agent to save may be shared with a third-party service as part of the fallback path.

Why it was flagged

The skill may send the Weibo URL to an external reader service when browser scraping fails.

Skill content

If the browser method fails... use the Jina Reader fallback: `curl -s "https://r.jina.ai/https://weibo.com/<uid>/<mid>"`

Recommendation

Avoid using the fallback for private, deleted, protected, or otherwise sensitive posts unless you are comfortable sharing the URL with that service.

Note

High Confidence

ASI08: Cascading Failures

What this means

Previously saved images in the target folder could be replaced if two posts use the same image filename.

Why it was flagged

Images are saved into a shared `imgs/` folder and duplicate filenames are automatically overwritten.

Skill content

Images from different posts that share a filename are automatically overwritten.

Recommendation

Prefer per-post image subfolders or unique filenames, or ask for confirmation before overwriting existing files.