Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xiaohongshu auto-publish (小红书自动发布)

v1.2.0

Automatically reads the current day's videos and titles from a specified folder, connects to Chrome and publishes the content to a 小红书 (Xiaohongshu) account by script.

0· 73·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code implements the stated purpose (read a local folder and drive Chrome to publish on 小红书 via Puppeteer). However, the implementation is macOS-specific and uses a hardcoded path (/Users/today/Movies/小红书英语) rather than the user's HOME (~) declared in SKILL.md; skill.json mentions cookies and YouTube downloads even though the runtime code performs no downloads. The metadata also omits the local commands the script requires (curl, open).
Instruction Scope
SKILL.md instructs the user to enable Chrome remote debugging and to place files in ~/Movies/..., which matches the high-level behavior, but the runtime script diverges: it uses a hardcoded user path (/Users/today), spawns local commands (curl and open) and saves screenshots to /tmp. The skill will control whatever Chrome profile is exposed on the remote debugging port, i.e. it acts as the logged-in user. The DevTools endpoint on that port performs no authentication, so any local process that can reach it gets the same control. This sensitive capability is not emphasized in the docs.
Install Mechanism
There is no install spec even though the code requires Node.js modules (puppeteer). The manifest lists runtime: node but gives no steps to install puppeteer or other npm dependencies. The script also expects system binaries (curl, open) and a macOS environment; none of these are declared in the requirements, which is an incoherence and an operational risk.
Credentials
No environment variables or credentials are declared, which is consistent with the code, but the skill depends on an already-authenticated Chrome session (it uses Chrome's cookies/profile via remote debugging). That gives the skill access to the session cookies and every logged-in account in that profile. skill.json also mentions 'cookies' for YouTube downloads, which the code does not perform, an unexplained requirement.
Persistence & Privilege
The skill does not request always:true and does not modify other skill configurations. However, enabling Chrome with --remote-debugging-port exposes the browser profile to external control for as long as the port is open; the script starts Chrome with that flag (or connects if Chrome is already running), so the effective privilege is broad during execution. This is a legitimate need for Puppeteer automation, but it is high-impact and should be limited to a dedicated browser profile (a separate --user-data-dir).
What to consider before installing
This skill automates posting by controlling your Chrome browser via the remote debugging port. That means it will act as whatever Chrome profile is exposed, including your logged-in accounts and cookies. Before installing:
- Inspect and/or modify the code: change the hardcoded path /Users/today to a configurable path (e.g., process.env.HOME) or confirm it matches your environment.
- Do not run this against your main Chrome profile. Start Chrome with a dedicated user-data-dir and only enable --remote-debugging-port for that profile, or run it in a throwaway profile.
- Ensure Puppeteer and the Node dependencies come from a trusted source; the package has no install spec for npm modules.
- Be aware the script uses macOS-specific commands (open) and curl; it appears to be Mac-only.
- Review the unexplained skill.json note about YouTube cookies: the runtime does not download videos, so confirm your workflow and its privacy implications.
- If you proceed, run it in a controlled environment first, and do not leave the remote debugging port open after use.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
skill.js:9 - Shell command execution detected (child_process).


latest: vk973c63neckjnd7vy0xwdm258583xwra

