技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.2.0
统计:⭐ 0 · 33 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:calvin-dean/douyin-send-message
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's description (use the agent's browser to send Douyin DMs) mostly matches its purpose, but the included Node/Playwright script contains undeclared dependencies and a hardcoded user-data path that access a local browser profile — an incoherence and privacy risk.
目的
The skill claims to operate by driving the web UI (SKILL.md uses a 'browser' action API), which is coherent with sending Douyin messages. However, the repository also includes a Playwright Node script (send_douyin_dm.mjs) that requires Node/Playwright/Chromium and explicitly sets userDataDir to '/Users/calvin/.openclaw/browser/openclaw/user-data'. The skill metadata declared no required binaries, env vars, or config paths — so the presence of …
说明范围
SKILL.md instructs browser tool actions (open, snapshot, click, evaluate with execCommand insertion). The script implements a different approach (Playwright automation, input.fill(), different selectors) and reads/writes local artifacts (screenshots saved to disk). The SKILL.md does not mention or justify accessing local filesystem/browser profiles, nor does it mention the additional Node/Playwright runtime — this is scope creep and a mismatch…
安装机制
There is no install spec, but the included script requires Node and Playwright (plus a Chromium runtime). Because no install/requirements are declared, the skill silently assumes those tools are available; that is an install/operational mismatch. Lack of an install mechanism lowers reproducibility and hides runtime needs.
证书
Declared requirements list no environment variables or config paths, but the script hardcodes a userDataDir pointing into a user's home ('/Users/calvin/.openclaw/browser/openclaw/user-data'). Accessing a browser profile can expose cookies, tokens, and other sensitive data unrelated to 'sending a single DM' and is disproportionate to the stated purpose. No justification or opt-in mechanism is provided.
持久
The skill is not 'always: true' and does not claim to modify other skills. However, the Playwright script writes screenshots and may access user browser data; while not requesting permanent platform presence, it gains local privileges (filesystem access to a profile) when executed. Autonomous invocation is allowed by default — combined with the above, that increases risk but is not by itself disqualifying.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「douyin-send-message」。简介:在抖音网页版发送私信消息。当用户想发送抖音私信、提醒续火花、或者提到"抖音发消息"、"发抖音私信"、"douyin send message"时触发。支持快速…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/calvin-dean/douyin-send-message/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。