csdn-publisher
Audited by Socket on Mar 8, 2026
1 alert found:
Anomaly
The skill presents a coherent workflow for automated CSDN publishing, including QR login and Telegram-based notifications. The core capabilities align with the stated purpose. However, the credential handling (cookies and QR) and the use of Telegram as a conduit for sensitive data introduce non-trivial security risks. The install approach relies on direct downloads from internet sources without verifiable signatures, increasing supply-chain risk. Overall, the skill is BENIGN in intent but SUSPICIOUS/Moderate risk in practice due to credential exposure potential and external data flows. Treat with caution and require explicit security controls (signature verification, restricted access to credential stores, minimize external data sharing, and clearer user consent for sending login data via Telegram).