Go Player Information Lookup

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A queried name will be submitted through an automated browser session to the Yichafen website, and the browser runs with reduced sandboxing.

Why it was flagged

The skill automates Chromium to query an external site, including a no-sandbox launch flag. This is disclosed and aligned with the Yichafen lookup purpose, but it has a larger local safety footprint than a simple HTTP request.

Skill content

browser = p.chromium.launch(
    headless=headless,
    args=['--no-sandbox', '--disable-gpu', '--disable-dev-shm-usage']
)

Recommendation

Use this skill only for intended player lookups, keep Playwright/Chromium updated, and avoid running it in a privileged local environment.

What this means

Installation may download third-party packages/browser components that are not captured by the registry metadata.

Why it was flagged

The documented setup requires installing Playwright and a Chromium browser, but the registry requirements/install spec do not declare these dependencies. The dependency is purpose-aligned for browser-based querying.

Skill content

pip install playwright
playwright install chromium

Recommendation

Install dependencies from trusted sources, review package versions where possible, and avoid unnecessary global or privileged installs.

What this means

Temporary browser state or cookies from the queried site may remain briefly on the local machine.

Why it was flagged

The Yichafen path defines temporary browser data and state files for session reuse. This is scoped to /tmp and a short timeout, but it means website/session context can persist across invocations.

Skill content

USER_DATA_DIR = Path("/tmp/yichafen_browser_data")
SESSION_TIMEOUT = 300  # session valid for 5 minutes
STATE_FILE = Path("/tmp/yichafen_state.json")

Recommendation

Do not enter sensitive data into the automated browser flow, and clear /tmp/yichafen_browser_data or /tmp/yichafen_state.json if you want to remove retained session state.