Social Push Semi

小红书半自动发布脚手架：自动生成文案、自动抽封面图、产出发布包；最后由人工确认发布。

What to consider before installing: - Missing declared secret: The code requires an API key (DOUBAO_API_KEY by default) for the image-generation endpoint, but the skill metadata does not declare this. Expect to provide that key in your environment if you use the image-generation features; don't reuse high-privilege keys. Audit where you store the key. - Browser/profile access: The skill creates/manages Chrome user-data directories and may launch Chrome with remote-debugging. That means it can access cookies/session data for accounts in those profiles. Use a dedicated Chrome profile (or a throwaway test account) rather than your primary browser/profile. - Auto-publish capability exists: The SKILL.md emphasizes '半自动' and '不会自动点击发布', but the vendor code includes commands to publish and click-publish. The provided wrapper scripts use --preview and stop before clicking publish, but the capability to auto-click exists in the code — review and avoid running publish/click-publish CLI commands unless you trust the environment. - External network calls: The image generation uses a third-party base URL (default: https://ark.cn-beijing.volces.com/api/v3) and the scripts download remote images. Confirm you trust those endpoints and the data policies; network calls could leak prompts, topics, or metadata. - Recommended precautions before use: - Inspect the code files (cdp_publish.py, chrome_launcher.py, account_manager.py) yourself or have someone you trust review them. - Run the tool in an isolated environment (dedicated user account or container) and use a dedicated Chrome profile and Xiaohongshu test account. - Provide only minimal API credentials and do not reuse cloud/production secrets. - If you don't need image-generation, avoid running topic_auto_api.sh/generate_images_doubao.py to skip sending data to the external provider. - Consider disabling or auditing any CLI invocation of publish/click-publish to ensure the workflow stays truly manual at the publish step. Overall: functionality is coherent with the advertised purpose, but the undeclared env var, profile/cookie access, and the presence of automatic publish commands warrant caution and an explicit security review before trusting this skill with real accounts.

Type: OpenClaw Skill Name: social-push-semi Version: 1.0.1 The skill is classified as suspicious due to a shell injection vulnerability in `scripts/run.sh`. The script uses `ffmpeg -i "$VIDEO"` without proper sanitization or quoting of the `$VIDEO` variable, which could allow arbitrary command execution if a malicious video path (e.g., containing shell metacharacters) is provided by the agent or user. While `scripts/fill_preview_cdp.sh` includes a partial path validation, this check is not present in `run.sh` itself, nor in `scripts/one_shot.sh` which calls `run.sh`. There is no clear evidence of intentional malicious behavior like data exfiltration or backdoors; the primary concern is the RCE vulnerability.