Back to skill

Security audit

CNKI Watch

Security checks across malware telemetry and agentic risk

Overview

This CNKI monitoring skill mostly matches its stated purpose, but it secretly automates CNKI slider verification despite telling users it will stop for human checks.

Install only if you are comfortable with a skill that automates CNKI web access, stores subscription state, creates scheduled OpenClaw jobs, and posts into your main chat. The main concern is the hidden CAPTCHA/slider bypass; use a version that stops for manual verification instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The script contains explicit automated CAPTCHA-solving logic, including image analysis and mouse-drag simulation to bypass CNKI slider verification. This directly defeats an access-control/anti-bot mechanism and materially exceeds normal query automation, increasing legal, operational, and abuse risk in the stated skill context.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The skill can automatically run npm install/ci via a spawned subprocess when playwright-core is missing. Executing dependency installation at runtime expands the trusted code base, may run package lifecycle scripts, and performs networked code acquisition without a clear, explicit user approval step.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill enables recurring subscriptions that push results into the main OpenClaw chat, but the user-facing description and early usage guidance do not prominently warn about that ongoing side effect. This can cause users to trigger persistent background behavior without informed consent, leading to unwanted message injection, confusion, or channel spam in the main chat.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
Automatically invoking npm without an operation-site warning or confirmation means the skill may spawn subprocesses, fetch packages, and alter the local environment unexpectedly. In security terms, this creates unreviewed code-execution and supply-chain exposure during normal skill use.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/cnki-watch.mjs:79

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/cnki-watch.mjs:798