Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
briefing
v1.0.9
Automatically track creator channels and transcribe new videos (YouTube, Bilibili, TikTok) with zero token cost during the pipeline. Use memory-based updates...
by Yutai Gu @yutaigu
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to run a 'briefing' CLI that tracks channels and transcribes videos. The installer and runtime expectations (Python 3.12, ffmpeg, a launcher that runs main.py) are consistent with that purpose.
Instruction Scope
SKILL.md requires executing the briefing CLI via bash and instructs the agent to automatically run the provided install.sh if the binary is missing. That gives the skill the ability to run an installer script automatically at runtime; the script clones a repo and installs/executes code — a wider scope than merely running a local CLI binary.
Install Mechanism
install.sh clones a GitHub repo (REPO_URL default), creates a Python venv, pip-installs requirements from the repo, and writes a launcher into /usr/local/bin or ~/.local/bin (using sudo if available). Cloning and pip-installing arbitrary repository code at install time is a moderate-to-high risk action (remote code execution surface). The repo host is GitHub (reasonable), but the script executes code from that repo (main.py) after installation.
Credentials
The skill declares no required credentials or env vars. The installer itself supports overrides (REPO_URL, INSTALL_DIR, BIN_DIR, PYTHON_BIN), which is normal for an installer but means changing env values can redirect the install to other code. No direct exfiltration or credential access is requested by SKILL.md.
Persistence & Privilege
The installer modifies user shell profile files to add the launcher directory to PATH and installs a persistent launcher script in system or user bin. always:false (not force-included), but the installer still makes persistent changes to the user's environment if run.
What to consider before installing
This skill appears to be a wrapper for a third-party CLI and its installer will clone a GitHub repo, install packages with pip, and place an executable in your PATH (possibly using sudo). These behaviors are coherent with a CLI-based transcription tool, but they also let remote code run on your machine. Before installing or allowing the agent to run the install script:
1) Review the repository contents (especially requirements.txt and main.py) to ensure you trust the code and packages being installed.
2) Prefer running install.sh manually in a controlled environment (container, VM, or non-privileged user account) rather than allowing the agent to execute it automatically.
3) Avoid running the installer with sudo unless you understand why system-wide install is needed; use INSTALL_DIR and BIN_DIR to install into a local directory instead.
4) If you do not trust the upstream repo, set REPO_URL to a vetted source or decline installation.
5) If you want to be extra cautious, block or disable commands.bash for autonomous agents so the agent cannot run the installer automatically.
Like a lobster shell, security has layers — review code before you run it.
latestvk975xyhwcx8wpq67x859ca42t18235t2
Runtime requirements
📺 Clawdis
