Skills
skills/worldwonderer/oh-story-claudecode/story-short-scan/Gen Agent Trust Hub

story-short-scan

Fail

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/heiyan-booklist-scraper.js programmatically extracts session credentials from the browser. It uses document.cookie.match(/Admin-Token=([^;]+)/) to harvest the Admin-Token for use in subsequent authenticated API requests.
  • [COMMAND_EXECUTION]: The utility script scripts/cdp-utils.js utilizes child_process.execSync to run the agent-browser CLI tool, enabling shell command execution to control browser instances.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated scraping and network operations against several external domains, including ishugui.com, zhangwenpindu.cn, and ms.zhangwenpindu.cn.
  • [DATA_EXPOSURE]: The skill extracts and saves book data, which may include semi-private information when used in an authenticated session, into local Markdown files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 13, 2026, 06:46 AM