Skill v1.0.3

ClawScan security

掘金自动发布 (Juejin auto-publish) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 11, 2026, 1:51 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's description (auto-publish to 掘金) is plausible, but the runtime instructions expect local Python scripts and a persistent cookie file that are neither provided nor declared. That mismatch, together with the need to supply your full session cookie, is the main concern.
Guidance
This skill claims to automate publishing to 掘金, which is plausible, but the SKILL.md expects local Python scripts and a persistent cookie file that are not included or declared. Before installing or using it:

1) Do not paste your full 掘金 session cookie into chat or untrusted inputs. Treat the cookie like a password: anyone who holds it can act as you.
2) Ask the publisher for the actual scripts or an install spec, or provide your own vetted scripts; do not run unknown .py files.
3) Prefer short-lived API tokens if the service supports them, or keep the cookie in a secure secret store rather than a plain file in your workspace.
4) If you install, restrict autonomous invocation or audit the actions the agent takes, so that it cannot publish without explicit approval.
5) If you must use the provided workflow, inspect any extract_juejin_cookie.py / juejin_publisher.py code before executing it, and verify where cookies are written and who can read them.
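The following is an added example that illustrates guidance points 3 and 5; it is not code from the skill, from ClawHub, or from the scanner. It assumes, with nothing on the page saying so, that the cookie is a single "name=value; name=value" string, that a secret manager can inject it through an environment variable named JUEJIN_COOKIE, and that the fallback file is whatever path the caller passes (the page names ~/.openclaw/workspace/JUEJIN.md). The sample cookie inside is constructed and contains no real values.

```python
"""Added example: a hardened way to store and read a session cookie that an
agent skill expects to find in a workspace file. Not the skill's own code.

Assumptions (not stated by the page): cookie is "name=value; ..." text,
a secret manager may inject it via JUEJIN_COOKIE, fallback is a file path.
"""
import os
import stat
import tempfile
from pathlib import Path


class CookieStorageError(Exception):
    """Raised when the cookie store is missing or exposed to other users."""


def audit_cookie_file(path: Path) -> list:
    """Return the reasons this file is unsafe to trust as a credential store.

    Empty list means: regular file, owned by us, no group/other permission
    bits, and not reached through a symlink.
    """
    findings = []
    try:
        st = path.lstat()
    except FileNotFoundError:
        return [f"{path}: does not exist"]
    if stat.S_ISLNK(st.st_mode):
        findings.append(f"{path}: is a symlink (could point anywhere)")
    elif not stat.S_ISREG(st.st_mode):
        findings.append(f"{path}: not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {oct(st.st_mode & 0o777)} is readable by other users")
    if hasattr(os, "geteuid") and st.st_uid != os.geteuid():
        findings.append(f"{path}: owned by uid {st.st_uid}, not by this user")
    return findings


def write_cookie(path, cookie: str) -> Path:
    """Create the store with mode 0600 from the first byte (no umask window)."""
    p = Path(path).expanduser()
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(p, flags, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(cookie.strip() + "\n")
    os.chmod(p, 0o600)  # O_CREAT mode is ignored for a pre-existing file; tighten it
    return p


def load_cookie(path=None, env_var="JUEJIN_COOKIE") -> str:
    """Prefer the secret manager (env var); fall back to an audited file."""
    value = os.environ.get(env_var)
    if value:
        return value.strip()
    if path is None:
        raise CookieStorageError(f"no cookie: set {env_var} or pass a file path")
    p = Path(path).expanduser()
    findings = audit_cookie_file(p)
    if findings:
        raise CookieStorageError("; ".join(findings))
    return p.read_text(encoding="utf-8").strip()


def redact(cookie: str) -> str:
    """Log cookie names only; every value is an account credential."""
    names = [part.split("=", 1)[0].strip() for part in cookie.split(";") if "=" in part]
    return "; ".join(f"{n}=<redacted>" for n in names)


def demo() -> dict:
    """Exercise the checks on constructed files in a temp dir (no network)."""
    results = {}
    sample = "sid=CONSTRUCTED_SID; csrf=CONSTRUCTED_CSRF"  # constructed, not a real cookie
    with tempfile.TemporaryDirectory() as d:
        loose = Path(d) / "JUEJIN.md"
        loose.write_text(sample + "\n", encoding="utf-8")
        os.chmod(loose, 0o644)  # the plain-workspace-file default the review warns about
        results["loose_findings"] = audit_cookie_file(loose)
        try:
            load_cookie(loose)
            results["loose_rejected"] = False
        except CookieStorageError:
            results["loose_rejected"] = True
        tight = write_cookie(Path(d) / "JUEJIN.secret", sample)
        results["tight_findings"] = audit_cookie_file(tight)
        results["tight_value"] = load_cookie(tight)
        os.environ["JUEJIN_COOKIE"] = "injected=FROM_SECRET_MANAGER"
        try:
            results["env_wins"] = load_cookie(tight)
        finally:
            del os.environ["JUEJIN_COOKIE"]
    results["redacted"] = redact(sample)
    return results


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The point of the audit is that a cookie file sitting in a workspace with default permissions is readable by every local user and by anything the agent runs; load_cookie refuses such a file outright rather than warning, and only ever logs cookie names through redact.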

Review Dimensions

Purpose & Capability
Rating: note
The purpose (publish to juejin.cn) matches the instructions to call juejin APIs with a session cookie. However, the SKILL.md references local scripts (~/.openclaw/workspace/custom/juejin_publisher.py, extract_juejin_cookie.py) and a config file (~/.openclaw/workspace/JUEJIN.md) even though the registry metadata declares no required config paths and no code files are bundled. That discrepancy is unexplained.
Instruction Scope
Rating: concern
The instructions ask the user (or agent) to extract and persist the full 掘金 cookie and to run local Python scripts. The skill provides example snippets but does not include the referenced scripts or a load_cookies implementation. Asking users to copy session cookies is sensitive because those cookies grant full access to the account; the instructions neither limit nor explain that scope, and they give no secure-storage guidance.
Install Mechanism
Rating: ok
There is no install spec and no code shipped with the skill (it is instruction-only), which is lower risk with respect to arbitrary downloads. The risk comes instead from the missing referenced scripts: the instructions expect files that are not present.
Credentials
Rating: note
The skill declares no required environment variables or config paths, yet the instructions require storing and reading a cookie file at ~/.openclaw/workspace/JUEJIN.md and using the cookie values for authentication. Requesting the user's session cookie is directly related to the purpose, but the absence of a declared config path or credential field is an inconsistency that reduces transparency.
Persistence & Privilege
Rating: concern
always:false (good). But the instructions encourage persisting a session cookie in the user's workspace, which creates a sensitive long-lived credential usable by the agent. Since the platform allows autonomous invocation by default, installing this skill would let the agent act with that cookie unless you restrict invocation; that combination increases the potential for unintended account actions.