Skill v1.0.0
ClawScan security
Content Analytics · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 10:40 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (multi‑platform content analytics) is plausible, but the instructions and metadata are incomplete and inconsistent about how it will access data (cookies vs APIs), what runtime components (Playwright, GLM‑5) are required, and how sensitive credentials are handled.
- Guidance
- This skill could be useful, but it is underspecified and requests sensitive cookies without telling you how they will be used or stored. Before installing or providing credentials:
  1. Ask the author to clarify whether official APIs or web scraping (Playwright) will be used for each platform, and to provide a privacy/handling policy for cookies.
  2. Prefer OAuth or API tokens scoped to read‑only creator data rather than raw session cookies, which grant the full logged‑in session.
  3. Ask how GLM‑5 is hosted and whether any API keys or platform data leave your environment.
  4. Avoid pasting account cookies into public or shared agents; treat them as high‑risk secrets.
  5. If Playwright or another headless browser will be run, allow it only in a controlled environment, since it can persist session files (browser profiles and storage state) that contain the cookies.
  If the author cannot clarify these points (especially where Zhihu credentials belong and how secrets are stored and transmitted), treat the skill as suspicious and do not supply credentials.
Review Dimensions
- Purpose & Capability
- note: The name/description (analyze Juejin, Xiaohongshu, Zhihu content) matches the SKILL.md functionality. Requesting cookies for Juejin and Xiaohongshu is consistent with scraping/creator‑center access. However, Zhihu is listed as a data source but no cookie/config example is provided. The tech stack calls out Playwright and GLM‑5, though no install or runtime requirements are declared, which is an omission.
- Instruction Scope
- note: SKILL.md tells the agent to analyze and compare platform data and shows optional JSON cookie configs for two platforms. It does not instruct reading unrelated system files or environment variables. But it is vague about the exact data‑fetch method (official APIs vs web scraping), error handling, and where analysis/modeling happens, leaving the agent broad discretion to use Playwright to scrape pages, which has higher privacy/risk implications.
- Install Mechanism
- concern: There is no install spec (instruction‑only), which is low risk by itself, but the documented tech stack names Playwright (a browser automation tool) and GLM‑5 (an LLM). Mentioning Playwright implies downloading/running headless browsers and possibly persisting session files/cookies; the skill provides no guidance or install steps for these components. This mismatch (expectation of heavy runtime dependencies without install instructions) is a practical and security concern.
- Credentials
- concern: The skill does not declare any required environment variables, yet it expects sensitive credentials (platform cookies) passed in JSON config examples. Cookies are high‑value secrets that expose account access; the skill offers no guidance on storage, scoping, or using official OAuth tokens instead. Also, Zhihu is a declared data source but there is no example credential/config for it, which is inconsistent.
- Persistence & Privilege
- ok: The skill is not always‑on, does not request system config paths, and is instruction‑only. It does not declare persistence or system‑wide changes. There is no explicit request to modify other skills or store agent‑wide tokens.
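The Guidance and Credentials findings above boil down to checks a user can run before handing a cookie config to the agent: are all declared platforms actually configured (the report notes Zhihu is declared but has no config), which entries are raw session cookies rather than scoped tokens, is the file readable only by its owner, and can the config be logged without leaking the secrets. The following is an added example, not ClawHub's scanner code and not the skill's own code. The config shape (`{"<platform>": {"cookie": "..."}}` or `{"api_token": "..."}`) and the key names `api_token`/`oauth_token` are assumptions; the report only says SKILL.md shows optional JSON cookie configs for Juejin and Xiaohongshu. All sample values are constructed.

```python
"""Pre-install audit of a skill's cookie configuration.

Added example; not ClawHub's scanner code and not the skill's own code.
The config shape and the scoped-token key names are assumptions: the
scanner report only says SKILL.md shows optional JSON cookie configs for
Juejin and Xiaohongshu. Every sample value below is constructed and fake.
"""
import json
import os
import stat
import tempfile

# Data sources the skill declares (taken from the scanner report).
DECLARED_PLATFORMS = ("juejin", "xiaohongshu", "zhihu")

# Keys that would indicate a scoped credential rather than a raw session
# cookie. Assumed names, used only to classify entries.
SCOPED_KEYS = ("api_token", "oauth_token")

# Constructed sample config in the assumed shape. Note: no "zhihu" entry,
# mirroring the inconsistency the report flags.
SAMPLE_CONFIG = json.dumps({
    "juejin": {"cookie": "sessionid=abcd1234efgh5678; _tea_utm_cache=xyz"},
    "xiaohongshu": {"cookie": "web_session=0123456789abcdef; a1=fake"},
})


def redact(secret: str, keep: int = 4) -> str:
    """Keep a short prefix so a log line is recognisable but not reusable."""
    return f"{secret[:keep]}...({len(secret)} chars)"


def parse_cookie_header(value: str) -> dict:
    """Split 'a=1; b=2' into {'a': '1', 'b': '2'}; parts without '=' are skipped."""
    out = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep and name:
            out[name] = val
    return out


def audit_config(config_text: str, declared=DECLARED_PLATFORMS) -> dict:
    """Return which declared platforms are configured or missing, which
    entries are raw session cookies, and a redacted copy that is safe to log."""
    config = json.loads(config_text)
    configured = [p for p in declared if p in config]
    missing = [p for p in declared if p not in config]
    raw_session, redacted = [], {}
    for platform, entry in config.items():
        redacted[platform] = {}
        for key, val in entry.items():
            if key == "cookie":
                raw_session.append(platform)
                # Record cookie *names* only: they show how much of the
                # session is exposed without leaking the values.
                redacted[platform][key] = {
                    "names": sorted(parse_cookie_header(val)),
                    "value": redact(val),
                }
            elif isinstance(val, str):
                # Scoped tokens and any unknown string are treated as secrets.
                redacted[platform][key] = redact(val)
            else:
                redacted[platform][key] = val
    return {
        "configured": configured,
        "missing": missing,
        "raw_session_cookies": raw_session,
        "scoped_credentials": [p for p, e in config.items()
                               if any(k in e for k in SCOPED_KEYS)],
        "redacted": redacted,
    }


def mode_is_private(mode: int) -> bool:
    """True when no group/other permission bits are set (e.g. 0o600)."""
    return not (mode & (stat.S_IRWXG | stat.S_IRWXO))


def load_config_file(path: str) -> dict:
    """Refuse to read a cookie file that other local users can read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if not mode_is_private(mode):
        raise PermissionError(f"{path} has mode {oct(mode)}; expected 0o600")
    with open(path, encoding="utf-8") as fh:
        return audit_config(fh.read())


if __name__ == "__main__":
    # Demo: write the constructed config to a private temp file and audit it.
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_CONFIG)
    os.chmod(path, 0o600)
    try:
        print(json.dumps(load_config_file(path), indent=2))
    finally:
        os.unlink(path)
```

A non-empty `missing` list is the concrete form of the Zhihu inconsistency, and a non-empty `raw_session_cookies` list marks the platforms where you are handing over a full logged-in session rather than a scoped token. If the author confirms Playwright is used, the companion precaution from the Guidance is to launch it with a fresh `browser.new_context()` (no `storage_state` argument pointing at a saved profile) and never call `context.storage_state(path=...)` to persist the session to disk, so nothing outlives the run.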
