v2.0.0

Restaurant Crosscheck CN

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:45 AM.

Analysis

The skill’s restaurant-checking purpose is coherent, but it relies on saved logged-in Xiaohongshu/Dianping browser sessions and anti-scraping automation that are not declared in the registry metadata.

Guidance: Review carefully before installing the full real-data mode. It may open a browser, ask you to log in to Dianping and Xiaohongshu, save those sessions locally, and then scrape those sites automatically for future restaurant queries. If you only need a demo, use the mock/server mode. If you use real scraping, install in an isolated environment, inspect setup.sh and the session manager, keep usage low, and delete the saved sessions when done.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
- **Anti-scraping**: Use residential proxies, rotate user agents

The skill explicitly instructs evasive scraping techniques in addition to browser automation, which is higher-risk than ordinary API use and can affect user accounts or networks.

User impact: The user’s account, IP address, or network could be rate-limited, challenged, or blocked by the platforms, and use may violate platform terms.
Recommendation: Use the mock/server mode unless real scraping is necessary, keep request volume low, avoid proxy/evasion features unless you understand the consequences, and prefer official APIs or manual checks where possible.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
README.md
pip3 install playwright thefuzz
python3 -m playwright install chromium

The documentation asks users to install packages and download a browser runtime, while the registry lists no install spec. This is expected for Playwright scraping but should be visible before installation.

User impact: Installing the full version changes the local Python/browser environment and pulls third-party code and browser binaries.
Recommendation: Install in an isolated environment, review setup.sh before running it, and pin dependency versions if reproducibility matters.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
QUICKSTART.md
The script automatically saves the login state ... the login state is kept for 1-2 weeks

This shows the skill saves and reuses authenticated platform login sessions; the registry metadata declares no primary credential or required config path, so users may not realize account sessions are part of the skill’s authority.

User impact: Installing and using the real-data mode may let the agent operate with saved Dianping/Xiaohongshu login sessions, which can expose the user’s accounts to scraping-related blocks or misuse if the skill is invoked unexpectedly.
Recommendation: Treat this as an authenticated-account integration: only use it if you are comfortable saving local sessions, review the session manager code, and delete the saved session directory when finished.