Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Douban Self Taste Skill
v0.1.2
Collect, refresh, normalize, and analyze the user's own Douban history for taste analysis and recommendation reasoning. Use when the task involves the user's...
by @xeric7
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match included scripts and SKILL.md: crawling logged-in Douban pages, extracting saved HTML, normalizing JSON, and building taste profiles. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md confines actions to the user's own Douban data and specifies exact local paths. It instructs reading a browser-exported cookie JSON and saved HTML or performing logged-in crawls. Note: those cookies are sensitive authentication material and the skill persists crawl/cache files locally; user consent and care are expected.
Install Mechanism
No install spec (instruction-only) — lowest install risk. However the bundled Python scripts require runtime dependencies (httpx, bs4/lxml) which are not declared; the environment must provide them. No external downloads or unusual installation steps are present.
Credentials
No environment variables or unrelated credentials are requested. The only sensitive input is a browser-exported cookie JSON, which is proportionate to the stated logged-in crawl functionality.
Persistence & Privilege
always is false and the skill only writes to its own .local/douban-self-taste paths by default. It does not request system-wide changes or other skills' configs.
Assessment
This skill appears to do what it says, but you should (1) only provide cookies for an account you control and understand that cookies are equivalent to logged-in access — consider creating a limited or temporary session if you are cautious; (2) inspect the cookie file before handing it over (it may contain session tokens like dbcl2); (3) ensure Python and the required packages (httpx, BeautifulSoup/lxml) are available in a safe environment or sandbox before running the scripts; (4) be aware the skill will persist cache and analysis files under .local/douban-self-taste — delete them when you no longer want them stored; and (5) review the included scripts yourself (they only target Douban hosts) if you need higher assurance.
Like a lobster shell, security has layers — review code before you run it.
