Xianyu Data Scraping

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill bundle implements a complex data scraping and reporting tool with several high-risk behaviors. Most notably, 'update.sh' provides a remote code execution mechanism by downloading and overwriting local scripts with code from a Gitee repository. Additionally, 'install.sh' and 'cron-setup.sh' perform system-level modifications, including installing packages via apt-get/yum and establishing persistence through crontab entries. The skill also requires sensitive credentials (GITEE_TOKEN and XIANFU_COOKIE), which are stored in a local JSON file and used in potentially insecure ways, such as embedding the token in a Git URL within 'uploader.sh'. While these features support the stated purpose of an automated scraper, the combination of remote updates, persistence, and high-privilege requirements constitutes a significant security risk.