weibo-hub

SUSPICIOUS: the skill’s Weibo-reading purpose mostly matches its capabilities, and data flows stay on first-party Weibo endpoints, but the authentication design is high-risk. It harvests browser cookies, sources an env shell file with shell=True, and stores reusable session credentials locally, while also including anti-detection scraping behavior. This is not confirmed malware, but it is a medium-risk skill with disproportionate credential handling for an agent integration.