Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenCLI Tool Integration
v1.0.0使用 OpenCLI 工具从各种网站和桌面应用获取数据、下载媒体内容、控制外部 CLI 工具。支持 Bilibili、知乎、小红书、Twitter/X、Reddit、YouTube、Boss直聘、即刻、微博等 30+ 平台,以及 Cursor、Codex、ChatGPT、Notion 等桌面应用。当用户需要:从社...
⭐ 4· 928·7 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes exactly the advertised capabilities (web scraping via browser bridge, desktop app control, external CLI passthrough, media download). However the registry metadata declares no required binaries or env vars while the instructions clearly require Node.js >= 20, Chrome running, a Browser Bridge extension, and optionally yt-dlp and other CLIs (gh, docker, kubectl). That omission is an incoherence: the skill will need local binaries and browser access even though the manifest lists none.
Instruction Scope
Instructions direct the agent to reuse Chrome's login state via a Browser Bridge extension and to talk to a local daemon (localhost:19825). Reusing browser sessions and controlling desktop apps/CLIs gives the tool access to logged-in accounts, cookies, and local resources — this is functionally necessary for the described features but is sensitive. The SKILL.md does not place explicit limits on which accounts/sites or what data may be accessed, so the agent (via the installed tool/extension) could obtain broad local/session data.
Install Mechanism
There is no formal install spec in the registry, but the SKILL.md instructs the user to run `npm install -g @jackwener/opencli` and to download a Browser Bridge extension from a GitHub Releases page. Installing an npm package and a browser extension is a common install method but carries moderate risk: the package and extension are third‑party code you must trust. The instructions also ask to enable developer mode for the extension, which increases risk if the extension source is not verified.
Credentials
The manifest lists no required environment variables or credentials, which aligns with using browser sessions rather than API keys. However, the tool implicitly relies on sensitive local state (Chrome logged-in sessions, desktop app states, local daemon). Those are effectively credentials (session cookies, tokens). The skill does not request explicit API keys, but it does request access to local session data — a proportional capability for the described features but sensitive and should be considered before enabling.
Persistence & Privilege
The skill is instruction-only, always:false, and does not request permanent platform presence or modify other skills. No evidence it escalates privilege in the registry metadata.
What to consider before installing
This skill appears to be what it says, but pay attention to a few important points before installing:
- Manifest mismatch: the registry metadata claims no required binaries/env, yet SKILL.md requires Node >= 20, Chrome running, a Browser Bridge extension, and optionally yt-dlp and other CLIs. Treat the listed install steps as mandatory.
- Sensitive local access: the tool reuses Chrome login sessions and talks to a local daemon (localhost:19825). That means the installed extension/daemon can access cookies, logged-in accounts, and local app state. Only proceed if you trust the package and extension.
- Third-party code risk: you must run `npm install -g @jackwener/opencli` and install an extension downloaded from GitHub Releases (and enable developer mode). Review the GitHub repo and NPM package owner, read the extension code or releases, and prefer official/reputable sources.
- Limit exposure: consider using a dedicated browser profile or secondary OS user for scraping tasks, avoid using sensitive accounts when the extension has access, and inspect network activity if possible.
- If you need higher assurance: review the opencli source code (repo and npm package), verify the Browser Bridge release checksum, and check what data the extension/daemon sends over the network.
Given the metadata omissions and the sensitive nature of browser session reuse, proceed with caution; if you cannot audit the external package and extension, consider alternatives or limit the accounts used with this tool.Like a lobster shell, security has layers — review code before you run it.
latestvk9782a78mtc1ceg0ctwcs4d62h83dgjx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.