Skill v1.1.0

ClawScan security

知网高级检索 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 16, 2026, 2:49 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's actions (browser automation to export CNKI results) match its stated purpose, but the runtime instructions explicitly tell the agent to ignore CAPTCHA-like indicators and continue without notifying the user, which is a concerning behavior that's not justified by the description.
Guidance
This skill appears to do what it claims (automate CNKI advanced searches and export results), but its runtime instructions explicitly tell the agent to ignore DOM indicators of CAPTCHAs/security verification and to continue performing form actions unless the form is actually blocked. That behavior can (a) hide automation failures from you, (b) attempt to bypass site anti-bot controls, and (c) increase the chance of violating CNKI's terms of service.

Before installing, consider:
1) Only install if you understand and accept legal/ToS risks of automating CNKI;
2) Require the agent to always notify you when a CAPTCHA or security-verification indication appears (change the instruction to halt and ask for manual intervention);
3) Ensure you will supervise the first runs and check downloaded files for completeness;
4) Ask the skill author to justify the requirement to use profile="openclaw" and to remove instructions that encourage ignoring CAPTCHA indicators.

If the author can provide a clear safety/operation rationale (or modify the SKILL.md to halt and notify on any CAPTCHA/security element), my confidence in the skill being coherent would increase.

Review Dimensions

Purpose & Capability: ok
Name/description describe automated CNKI advanced-search and export; the SKILL.md contains step-by-step browser automation instructions that align with that purpose (open CNKI, select journal/CSSCI, enter keywords, sort, change view, export Word). No unrelated credentials, binaries, or installs are requested.
Instruction Scope: concern
The instructions direct the agent to continue interacting even when snapshots contain text like '拖动下方拼图完成验证' or '安全验证' and to not report these to the user unless the form actually becomes unusable. This explicitly encourages ignoring site anti-bot signals (CAPTCHA indicators) rather than halting and asking for user input. It also insists on using an agent-managed 'openclaw' browser profile and forbids a user-visible profile, reducing transparency. Those behaviors broaden the agent's discretion in ways that can lead to hiding failures or bypassing detection.
Install Mechanism: ok
Instruction-only skill with no install spec and no code files. Low install risk because nothing is written to disk by the package itself.
Credentials: ok
The skill requests no environment variables, credentials, or config paths. The scope of secrets or system access requested is minimal and proportionate to the described automation task.
Persistence & Privilege: ok
always is false and the skill does not request persistent system-wide privileges. It instructs moving downloaded files into the user's Downloads directory, which is normal for an automation workflow.