Security scan
OpenClaw
Security
Medium confidence
Assessment recommendation
This package appears to do what it claims, but it accesses sensitive browser session cookies (and thus may act with your logged-in identity on startupschool.org) and its installer writes to your home directory and patches installed package files. Before installing: 1) Verify the package source (check the GitHub repo linked in SKILL.md and confirm the author/trustworthiness); 2) Expect macOS Keychain prompts to decrypt Chrome cookies — only allow if you trust the tool; 3) Be aware the postinstall...
✓ Purpose and capabilities
The CLI's code and dependencies match the description: it reads Startup School cookies to call GraphQL/REST endpoints, uses Playwright to automate SPC Airtable forms, and exposes commands for discovery and submissions. Dependencies (sweet-cookie, playwright) and required binary 'yc' are appropriate for the stated features.
ℹ Instruction scope
Runtime instructions and code legitimately require reading browser cookie stores and extracting CSRF tokens, and may prompt macOS Keychain for decrypting Chrome cookies — these are necessary for the 'whoami', dashboard, and submit workflows. The SKILL.md and code do not appear to instruct the agent to read unrelated system files or to exfiltrate data to unexpected endpoints; network calls target startupschool.org, speedrun/a16z endpoints, GCS signed URLs, and Airtable forms as expected.
⚠ Install mechanism
Install is via an npm package (@lucasygu/yc) which is normal, but the postinstall script performs additional actions: it creates ~/.claude/skills/yc-cli (a symlink into the user's home directory) and patches files inside node_modules/@steipete/sweet-cookie. Those write operations modify the user environment and installed package files during installation, increasing the installation footprint and requiring explicit user awareness/consent.
ℹ Credential requirements
No environment variables or external API keys are requested, which is proportional. However, the tool reads browser cookie stores and uses the macOS Keychain (via sweet-cookie) to decrypt session cookies for startupschool.org — this grants the CLI access to sensitive session tokens needed to act on behalf of the user. This access is justified by the feature set but is privacy-sensitive and requires user consent.
ℹ Persistence and permissions
The package does not set always:true and does not demand elevated system privileges, but its postinstall creates a persistent symlink (~/.claude/skills/yc-cli) to register itself with a local AI agent ecosystem and modifies package files in node_modules. Preuninstall includes cleanup logic, but the installation does leave persistent artifacts in the user's home directory.
Security is layered; review the code before running.
Runtime dependencies
🖥️ OS: macOS
Version
latest: v0.3.2 (2026/3/4)
● Suspicious
Install command
Official: npx clawhub@latest install yc
Mirror (accelerated): npx clawhub@latest install yc --registry https://cn.longxiaskill.com (mirror sync in progress)