Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clean Skill

v1.1.0

Cross-reference restaurant recommendations from Xiaohongshu (小红书) and Dianping (大众点评) to validate restaurant quality and consistency. Use when querying resta...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md align with the stated purpose (cross-referencing Dianping and Xiaohongshu), and the repo contains matching fetch/match/scoring logic. However, the metadata claims 'instruction-only' with no install spec, while the package includes many Python scripts that require runtime dependencies (Playwright, requests, bs4, thefuzz, etc.). SKILL.md lists selenium as a dependency, but the real scrapers use Playwright, which is not declared in the SKILL.md dependency list at all. That mismatch between the claimed install/packaging and the actual runtime needs is an incoherence.
Instruction Scope
Instructions explicitly direct web scraping (including use of residential proxies, cookie-based authentication, and rotating user-agents) and persistence of browser login sessions. This is within the stated purpose but expands the agent's runtime behavior into authenticated scraping and persistent local session storage. The SKILL.md and code ask the agent/user to maintain cookies and proxies (sensitive operational inputs) but do not declare how these should be supplied/secured. The instructions also recommend throttling and proxy rotation—practical but potentially enabling large-scale scraping that may violate third-party ToS or law.
Install Mechanism
There is no install spec in registry metadata (instruction-only), yet the skill contains non-trivial Python code that depends on third-party libraries and Playwright (which downloads browser binaries). SKILL.md lists a pip install line that includes selenium but omits playwright; code calls playwright.async_api. This mismatch means running the skill will likely fail or trigger implicit downloads (Playwright browser installs) with no guidance. Absence of a vetted install mechanism increases risk and friction.
Credentials
The skill requests no environment variables in metadata, but its runtime behavior expects and documents needing cookies (for Xiaohongshu), proxy endpoints/credentials (residential proxy providers), and persistent session directories. Those are effectively sensitive credentials/configs but are not declared as required environment or secret inputs. The skill recommends third-party proxy providers (Bright Data, Smartproxy) which may require credentials; storing those in config files (scripts/config.py) or inserting them without clear secret handling is disproportionate and risky.
Persistence & Privilege
The skill creates and uses persistent browser sessions (Playwright launch_persistent_context with user_data_dir via session_manager). That means it will write cookies/session state to disk under session directories managed by the skill. 'always' is false and the skill does not request system-wide privileges, but persistent session storage and local cookie files are significant persistence vectors and should be reviewed before use.
What to consider before installing
Key things to consider before installing or running this skill:
- Dependency and install gap: The code uses Playwright (and Playwright will download browser binaries), but SKILL.md's pip list omits playwright and instead mentions selenium. Check scripts/requirements.txt and add/install playwright before running; expect browser downloads and larger disk/network usage.
- Session/cookie persistence: The skill uses a session_manager and persistent Playwright contexts that store login cookies on disk. Inspect scripts/session_manager.py to see where session data are stored and ensure file permissions/restrictions are appropriate. Treat those session dirs as sensitive (they contain authentication state).
- Secrets and proxies: Although the registry metadata lists no required env vars, the skill expects cookies and may require proxy credentials if you enable proxies. Do not paste third-party proxy credentials or cookies into code/config files on multi-user systems; prefer environment variables or a secure secret store and review where the skill will persist them.
- Legal & ToS risk: The skill explicitly recommends scraping platforms that (per its own docs) prohibit scraping. Use only for personal research and be aware that sustained scraping may violate site terms and local laws. For production/commercial use, obtain official APIs.
- Test in a sandbox: Run the provided mock/server-friendly variant (crosscheck_simple or the example tests) first to verify behavior without performing real scraping. Review logs and network calls during a real run in an isolated environment.
- Review code paths: Before giving the skill network access or credentials, read session_manager.py and any remaining omitted files to check how credentials, proxies, and session directories are handled. Ensure no unexpected external endpoints are contacted and that data is not exfiltrated to third-party servers beyond the target platforms.
If you need help auditing specific files (e.g., session_manager.py or requirements.txt), provide them and I can inspect for storage locations, network endpoints, and credential handling.
