Zhihu Cli

v0.2.5

知乎 CLI (pyzhihu-cli)：搜索、热榜、问题/回答、发想法/提问/文章、删自己的内容、点赞关注、通知。Agent 代执行 zhihu 命令，Cookie 仅存本地。

⭐ 1· 550·1 current·1 all-time

byMei Zhihan@baiguangmei

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description (zhihu CLI helper) matches the instructions: all actions are executed by running the installed `zhihu` CLI and optionally copying a QR image for OpenClaw to send. No unrelated credentials, binaries, or cloud access are requested.

ℹ

Instruction Scope

The SKILL.md instructs the agent to access local paths (~/.zhihu-cli/* and the OpenClaw workspace media folder), run `zhihu` commands (including login with a pasted cookie), and use `openclaw message send` to deliver QR images. These are within the stated purpose but involve reading/writing local files and sending media externally; the doc explicitly prohibits uploading cookie contents, but using cookie-based login or an incorrect copy command could expose sensitive data if mishandled.

✓

Install Mechanism

Instruction-only skill with no install spec or code to write to disk. Installation recommendations are standard package installs (uv/pipx/pip) and are sensible for a Python CLI.

✓

Credentials

The skill declares no environment variables, no credentials, and no config paths beyond the local ~/.zhihu-cli cookies and OpenClaw workspace paths needed for QR delivery. Those local paths are proportionate to the task.

✓

Persistence & Privilege

always is false and the skill does not request system-wide changes or persistent presence beyond using the local `zhihu` CLI and optionally OpenClaw workspace. The skill will run local commands when invoked (normal for an instruction-only CLI helper).

Assessment

This skill appears coherent for controlling a locally installed Zhihu CLI. Before installing/using it: 1) Do not paste your cookies into chat; prefer QR scan login. If you must use cookie-based login, paste it only into a secure terminal, not into conversations/logs. 2) Verify you trust the pyzhihu-cli package source before pip installing. 3) Be aware the agent will read/write files under ~/.zhihu-cli and may copy the QR image into the OpenClaw workspace media folder and invoke `openclaw message send` — ensure your OpenClaw messaging channels are configured only if you trust them. 4) If you are uncomfortable with an agent running local commands or with automatic QR forwarding, avoid enabling autonomous invocation or run commands manually yourself. 5) Monitor for any accidental exposure of cookies and use `zhihu logout` to revoke sessions if needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97acgrma446v4hdkp2cxnad2n830450

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Zhihu Cli

License

Comments