Skill v1.2.0

ClawScan security

Weibo OpenClaw Ops · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 4:37 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions and requirements are coherent with a Weibo browser-automation purpose, but it stores session state on a remote runtime and recommends periodic automated keepalive checks — you should confirm storage, retention, and scheduling policies before use.
Guidance
This skill appears to do what it says: server-side browser automation for Weibo. Before installing, consider:
1) Session sensitivity: the .state/weibo-auth.json file will hold cookies/authorization tokens on the remote runtime; confirm who can access that host, how long the file is kept, and how to delete or revoke it.
2) Keepalive scheduling: the skill recommends automated checks every 6–12 hours; clarify whether those runs require explicit consent each time or will run autonomously, and ensure this won't violate Weibo's terms or trigger anti-bot protections.
3) Mutations require explicit user intent per the instructions, but enforce this in your agent configuration (don't rely solely on prose guardrails).
4) Because the skill is instruction-only and has no provenance or homepage, prefer running it in a controlled environment (limited-access runtime, audit logging, short retention) or ask the skill author to provide an origin and a privacy/retention statement.
If you need higher assurance, ask for: where session files are stored, who has access, the retention policy, and an option to disable automatic keepalive.
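Points 3 and 4 above ask for enforcement in the agent configuration rather than in prose, plus audit logging and short retention of the session file. The Python below is an added example, not ClawHub's scanner code and not the skill's own instructions. It treats .state/weibo-auth.json as a credential (owner-only permissions, a retention window) before it is loaded, refuses mutating actions unless an explicit consent flag is set, caps batch likes, enforces a minimum interval on the read-only keepalive with an operator switch to disable it, and records every decision. The action names, the like cap of 20, the 7-day retention window and the 6-hour keepalive floor are assumptions: the review lists the skill's capabilities but not its real command syntax or limits.

```python
# Added example (not ClawHub's or the skill's code); action names, caps and retention are assumptions.
import json
import os
import shutil
import stat
import tempfile
import time
from collections import namedtuple
from dataclasses import dataclass, field

READ_ONLY_ACTIONS = {"read_feed", "read_messages", "keepalive_check"}  # assumed names
MUTATING_ACTIONS = {"publish_post", "like", "follow"}                 # assumed names
MAX_BATCH_LIKES = 20               # assumed cap; the review says batch likes are bounded
KEEPALIVE_MIN_INTERVAL = 6 * 3600  # review: read-only keepalive every 6-12 h, never more often
SESSION_MAX_AGE = 7 * 86400        # assumed retention window for .state/weibo-auth.json

Decision = namedtuple("Decision", "allowed reason")


def write_session_file(path, state, mode=0o600):
    """Persist session state the way a credential should be stored: owner-only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as fh:
        json.dump(state, fh)
    os.chmod(path, mode)  # umask may have masked bits at creation; make the mode explicit
    return path


def check_session_file(path, now=None, max_age=SESSION_MAX_AGE):
    """Findings about the session file before loading it; an empty list means acceptable."""
    now = time.time() if now is None else now
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing: no session file; run the QR login first"]
    findings = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("permissions: readable by group/other; expected 0600")
    if now - st.st_mtime > max_age:
        findings.append("retention: older than max age; delete it and re-login")
    return findings


@dataclass
class AgentPolicy:
    """Deny-by-default gate in front of the agent's browser actions."""
    keepalive_enabled: bool = True      # the "option to disable automatic keepalive"
    last_keepalive: float = 0.0
    audit: list = field(default_factory=list)

    def authorize(self, action, *, consent=False, count=1, now=None):
        now = time.time() if now is None else now
        d = self._decide(action, consent, count, now)
        self.audit.append((now, action, consent, count, d.allowed, d.reason))  # audit log
        return d

    def _decide(self, action, consent, count, now):
        if action == "keepalive_check":
            if not self.keepalive_enabled:
                return Decision(False, "keepalive disabled by operator")
            if now - self.last_keepalive < KEEPALIVE_MIN_INTERVAL:
                return Decision(False, "keepalive ran less than 6h ago")
            self.last_keepalive = now
            return Decision(True, "read-only keepalive")
        if action in READ_ONLY_ACTIONS:
            return Decision(True, "read-only")
        if action in MUTATING_ACTIONS:
            if not consent:
                return Decision(False, f"{action}: explicit user consent required")
            if action == "like" and count > MAX_BATCH_LIKES:
                return Decision(False, f"like: batch of {count} exceeds cap {MAX_BATCH_LIKES}")
            return Decision(True, f"{action}: consented")
        return Decision(False, f"{action}: unknown action, denied by default")


def demo():
    """Constructed scenario (temp dir, fixed clock); returns every check and decision."""
    d = tempfile.mkdtemp()
    try:
        good = write_session_file(os.path.join(d, "weibo-auth.json"), {"cookies": ["c=1"]})
        loose = write_session_file(os.path.join(d, "loose.json"), {"cookies": []}, mode=0o644)
        stale = write_session_file(os.path.join(d, "stale.json"), {"cookies": []})
        old = time.time() - 30 * 86400
        os.utime(stale, (old, old))  # simulate a session file left behind for 30 days
        t0, p = 1_700_000_000.0, AgentPolicy()
        return {
            "good": check_session_file(good),
            "loose": check_session_file(loose),
            "stale": check_session_file(stale),
            "read": p.authorize("read_feed", now=t0),
            "keepalive": p.authorize("keepalive_check", now=t0),
            "keepalive_soon": p.authorize("keepalive_check", now=t0 + 3600),
            "publish_no_consent": p.authorize("publish_post", now=t0),
            "publish": p.authorize("publish_post", consent=True, now=t0),
            "like_bulk": p.authorize("like", consent=True, count=50, now=t0),
            "unknown": p.authorize("install_extension", now=t0),
            "audit_len": len(p.audit),
        }
    finally:
        shutil.rmtree(d, ignore_errors=True)
```

The gate is deny-by-default on purpose: an action the wrapper does not recognise is refused rather than passed through, and the consent flag has to be supplied by the calling code per request, so a prompt cannot talk the agent into a publish or a batch like. The audit list is what you would ship to whatever logging the runtime host provides.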

Review Dimensions

Purpose & Capability · ok
Name/description match the instructions: the SKILL.md exclusively describes server-side browser automation (login-by-QR, persist session state, read feed/messages, publish posts, bounded like/follow workflows). Nothing in the instructions requests unrelated credentials, binaries, or installs.
Instruction Scope · note
Instructions remain focused on Weibo automation and give concrete agent-browser commands and guardrails (explicit user consent for mutations, limits for batch likes, avoid pinned posts). They do instruct creating and loading a persistent session file (.state/weibo-auth.json) and recommend periodic (6–12h) read-only keepalive checks; both are within scope but expand the runtime behavior beyond a one-off user action.
Install Mechanism · ok
This is an instruction-only skill with no install spec or code files, which minimizes on-disk risk; nothing is downloaded or installed by the skill itself.
Credentials · note
The skill declares no environment variables or external credentials, which matches its metadata. However, it explicitly instructs persisting session state (cookies/tokens) to .state/weibo-auth.json on the remote runtime; that file effectively contains authentication material and should be treated like sensitive credentials even though it's not represented as a required env/config in the metadata.
Persistence & Privilege · ok
The skill does not request always:true and does not modify other skills or system settings. It does recommend periodic keepalive checks; this implies recurring network activity and persisted auth state but does not by itself indicate excessive privilege on the platform.