Restaurant Crosscheck CN
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for restaurant lookups, but it relies on logged-in browser scraping, saved session cookies, and anti-bot/proxy techniques that users should review carefully.
Install only if you are comfortable logging into Dianping and Xiaohongshu through a browser controlled by this skill and letting it save those sessions locally. Review setup.sh and dependencies first, consider a separate account, delete/reset sessions after use, and be aware that the real-data mode uses anti-scraping techniques that may violate platform terms or lead to account/IP blocking.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the real-data mode could violate platform terms, trigger account/IP blocks, or expose the user to risks from automated scraping under their logged-in sessions.
The skill explicitly advertises anti-detection scraping using persistent sessions and visible browser automation. This is not hidden, but it is materially risky because it is designed to bypass platform scraping controls.
🤖 **Anti-detection** — persistent sessions + visible browser, stable scraping
Only use the real scraping mode if you understand the platform terms and account risk; prefer official APIs or manual research where possible, and avoid proxy/anti-detection workflows unless explicitly acceptable.
Anyone or anything with access to those local session files may be able to act as the logged-in user on Dianping or Xiaohongshu until the sessions expire or are reset.
The skill saves logged-in platform sessions for later automation. Browser session state commonly includes cookies or localStorage tokens that grant account access, while registry metadata declares no primary credential.
Close the browser after logging in - the script automatically saves the login state ... the login state is kept for 1-2 weeks
Use a separate low-risk account if possible, store the skill only on trusted machines, reset/delete sessions after use, and treat saved browser sessions as sensitive credentials.
Users may underestimate the risk of allowing the skill to store and reuse logged-in sessions for third-party services.
The documentation downplays the sensitivity of saved session state. Cookies and localStorage can function as authentication material even if the skill does not collect the account password.
Only saves session state - does not touch sensitive information
The skill should clearly warn that saved session state is sensitive account material and explain where it is stored, how long it persists, and how to revoke it.
Running the setup script changes the local Python/browser environment and depends on external package sources.
The manual setup downloads dependencies and browser binaries outside a declared install spec. This is expected for a Playwright scraping tool, but it increases what users must trust.
bash setup.sh ... installs all Python dependencies ... downloads the Playwright browsers
Review setup.sh and requirements before running them, use a virtual environment, and pin dependency versions if deploying beyond personal testing.
