Zhihu Cli

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill is mostly transparent about wrapping Zhihu commands, but it gives the agent logged-in authority to publish, vote, follow, and delete Zhihu content without clearly requiring confirmation for high-impact actions.

Install only if you trust the pyzhihu-cli package and are comfortable letting the agent operate your logged-in Zhihu account. Before any post, vote/follow, or deletion, require the agent to show the exact command and get your explicit approval, and avoid sharing cookies in chat.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent misunderstands a request or acts too quickly, it could post public content, change social actions, or delete the user's Zhihu content.

Why it was flagged

The skill directly exposes logged-in write and delete operations on a public Zhihu account. The instructions do not require a final confirmation step before publishing or deleting, and document the confirmation-bypassing `-y` option.

Skill content

Post a question | `zhihu ask ...`; Post a pin (idea) | `zhihu pin ...`; Publish an article | `zhihu article ...`; Delete a question/pin/article | `zhihu delete-question <id>` / `delete-pin <id>` / `delete-article <id>` [-y]

Recommendation

Require explicit user confirmation with the exact target ID and content before any publish, vote/follow, or delete command; avoid using `-y` unless the user specifically confirms it.

What this means

Once logged in, commands run through the skill can act as the user's Zhihu account.

Why it was flagged

The skill relies on a persistent local Zhihu login session. This is disclosed and aligned with the purpose, but it gives the agent the user's authenticated account privileges.

Skill content

Zhihu login state: stored only on the user's local machine (Linux/macOS: `~/.zhihu-cli/cookies.json`; Windows: `%USERPROFILE%\.zhihu-cli\cookies.json`, permissions 0600). The agent uses it only indirectly, by running `zhihu` commands

Recommendation

Use QR login when possible, do not paste cookies into chat, and run `zhihu logout` when the agent no longer needs access.

What this means

The safety of the actual `zhihu` command depends on the installed pyzhihu-cli package and version, not just this instruction file.

Why it was flagged

The skill depends on an externally installed CLI package, but the provided artifacts contain no package code or pinning to review.

Skill content

`uv tool install pyzhihu-cli` / `pipx install pyzhihu-cli` / `pip install pyzhihu-cli`

Recommendation

Install from a trusted package source, prefer isolated installers such as pipx or uv tool, and pin or verify the package version before use.

What this means

Sending the QR image to the wrong channel or target could expose a login flow to someone else.

Why it was flagged

The login QR image may be sent through an OpenClaw messaging channel. This is disclosed and limited to QR login, but the QR code is authentication-related data.

Skill content

`openclaw message send --channel <渠道> --target <目标> --media <media 路径>/login_qrcode.png --message "请用知乎 App 扫码并确认登录"`

Recommendation

Only send QR codes to a user-confirmed private channel, verify the target before sending, and delete copied QR images after login.