v0.6.1

Naver Blog Publisher

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:04 AM.

Analysis

This skill is review-worthy because it can publish paid public Naver Blog posts using a local logged-in browser session while installing an unpinned local runner/daemon.

Guidance: Install only if you are comfortable running the external Naver thin-runner on your Mac, logging into Naver locally, and allowing the agent to publish live paid posts. Verify the runner package/source first, pin versions if possible, use dry-run previews, avoid broad admin keys, and require explicit confirmation before any publish_live action.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
Flow: ... run `publish_dry_run` ... `publish_live`; Billing: `publish_live` is the paid path

The documented workflow ends in a live, billable publish action, but the artifacts do not clearly require explicit final user approval or show target-account/content confirmation before that high-impact action.

User impact: Once set up, the agent could create a public and billable Naver Blog post under the user's account if it follows the live publish path.
Recommendation: Make dry run the default, require explicit user confirmation before publish_live, and show the target account/blog, title, body, tags, schedule, and billing impact before posting.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
npx @y80163442/naver-thin-runner setup --setup-url "<SETUP_URL>" --auto-service both

The setup path executes an unpinned external npm package, while the provided artifact set contains no runner code or install lockfile for review.

User impact: Installing or running the skill may execute external package code that handles local setup and browser-session-backed publishing.
Recommendation: Pin the package version, provide source/provenance and an install spec or lockfile, and let users review the runner code before installing it.

Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`npx @y80163442/naver-thin-runner setup --setup-url "<SETUP_URL>" --auto-service both` ... `npx @y80163442/naver-thin-runner daemon start --port 19090`

The skill can set up automatic services and start a daemon, but the artifacts do not describe how long it persists, how to stop it, or what permissions it retains.

User impact: A local runner may continue operating after the initial publish task unless the user knows how to disable it.
Recommendation: Make background service installation opt-in, document service names and permissions, and provide clear stop, disable, and uninstall commands.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Publish prepared content to Naver Blog from an authenticated local browser... fallback: `CONTROL_PLANE_URL + ACP_ADMIN_API_KEY`; `X_LOCAL_TOKEN` optional and auto-loaded from `~/.config/naver-thin-runner/config.json`

The skill relies on an authenticated browser session, a local token, and an admin API key fallback, which are sensitive privileges that are not clearly limited to the minimum authority needed.

User impact: The runner may have enough authority to publish through the user's Naver session or use broader control-plane privileges if configured.
Recommendation: Declare and document all credentials, avoid the admin-key fallback where possible, use least-privilege scoped tokens, and explain exactly which account/session is used.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
`OPENCLAW_OFFERING_EXECUTE_URL` preferred; fallback: `CONTROL_PLANE_URL + ACP_ADMIN_API_KEY`; `X_LOCAL_TOKEN` optional and auto-loaded... `LOCAL_DAEMON_PORT` default `19090`

The skill routes publishing through ACP/control-plane and local-daemon interfaces, but the provided artifacts do not clearly document identity, origin checks, or data-boundary protections for those calls.

User impact: Prepared blog content and publish commands may pass through local or control-plane endpoints whose access rules are not fully described.
Recommendation: Document the trust boundaries, require local authentication for daemon calls, restrict the daemon interface, and specify what data is sent to each endpoint.