Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CNKI Watch

v0.2.1

Query CNKI by journal name or research topic, and create journal or topic subscriptions that periodically push new CNKI paper metadata into the main OpenClaw...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill claims to query CNKI and push results into OpenClaw; the included scripts, package.json, and README align with that. However the published registry metadata lists no required environment variables or credentials while the SKILL.md and references/config.md clearly require CNKI_COOKIE or CNKI_USERNAME/CNKI_PASSWORD. That metadata omission is an incoherence — a CNKI integration legitimately needs CNKI auth, so the metadata is incomplete and misleading.
Instruction Scope
The SKILL.md and scripts describe exactly the actions the skill will take: run a Node script, use Playwright to browse/scrape CNKI, read OpenClaw skill config (~/.openclaw/openclaw.json) and process.env for credentials and settings, create/list subscription state, and post new items back into the main OpenClaw chat (via gateway/chat.inject). The instructions do not ask the agent to read unrelated host data (e.g., shell history) or exfiltrate data to unknown external endpoints. They do instruct the script to stop and surface errors when CNKI shows captchas.
Install Mechanism
There is no formal install spec in the registry, but the bundled script will attempt to require('playwright-core') and, if missing, run npm install/ci inside the skill directory (spawn npm). package-lock.json is included and points to playwright-core from the npm registry. This is a standard npm install flow (moderate risk): it will fetch packages from npm at runtime unless dependencies are already present. There are no downloads from arbitrary URLs or URL shorteners in the manifest.
Credentials
The runtime expects CNKI credentials (CNKI_COOKIE preferred, fallback CNKI_USERNAME+CNKI_PASSWORD) and also respects optional host env vars (CNKI_WATCH_CHROMIUM, CNKI_WATCH_AUTO_INSTALL). Those credentials are proportionate to the stated CNKI-scraping purpose. The problem is that the skill registry metadata declares no required env vars or primary credential, which is inconsistent and could mislead administrators. The scripts also read OpenClaw config (including gateway token if present) from ~/.openclaw/openclaw.json — that is expected for delivery, but administrators should be aware the skill reads that config file.
Persistence & Privilege
The skill does persist subscription state to a local runtime file (runtime/subscriptions.json) under the skill directory and can add cron jobs via the OpenClaw CLI/gateway as described. It does not request 'always: true' and does not modify other skills. Autonomous invocation is allowed (platform default) which is expected for scheduled subscriptions; this raised no extra red flags by itself.
What to consider before installing
This skill appears to implement what it says (CNKI lookups + scheduled watches), but the published metadata is incomplete: it doesn't declare the CNKI credentials that the code and SKILL.md require. Before installing, verify you trust the skill owner and review the main script (scripts/cnki-watch.mjs). Pay attention to these points:
- Provide credentials only to the skill's OpenClaw config (CNKI_COOKIE or CNKI_USERNAME/CNKI_PASSWORD). If you prefer not to store passwords, supply a session cookie.
- The script may run npm install inside the skill directory to fetch playwright-core. If you want to avoid runtime network installs, set CNKI_WATCH_AUTO_INSTALL=0 and preinstall dependencies in a controlled environment.
- The skill reads ~/.openclaw/openclaw.json (gateway port/token) to deliver messages; ensure that file's contents are acceptable to be read by this skill.
- If you want extra safety, run the skill in a restricted container or review/lock the package-lock.json before allowing it to install dependencies.
If needed, I can point to the exact lines in scripts/cnki-watch.mjs that perform the npm install, read config, and post back to the gateway.

Like a lobster shell, security has layers — review code before you run it.

Tags: cnki, journal-watch, latest, literature, research


Runtime requirements

Clawdis
Bins: node, openclaw
