米游社工具

This skill appears to do what it claims (MiYoShe login, tasks, sign-ins, and exchange) and includes working code that will run locally and contact official MiYoShe/Mihoyo endpoints. Key things to consider before installing or using it: - Sensitive data: You will be asked to paste cookies, stoken info or phone numbers. Those are saved unencrypted under skills/mystool/data/accounts.json and related files — treat these as high-risk secrets. - Trust the author: The skill has no homepage and an unknown source; review the code (especially src/api.py, runner.py, sms_login.py, and store.py) yourself before providing real credentials. - External proxy URL: If you configure a proxy (proxy_config.api_url), the skill will fetch data from that URL to get proxy IPs — that URL could be malicious or point to internal endpoints. Only set it to trusted services. - Automated actions: runner.py will run daily cron tasks and can iterate all stored accounts. If installed on a shared agent, it will act for every stored user account — consider isolation. - Deployment suggestions: run in an isolated/trusted environment, audit the full source (untruncated files), and test with a throwaway account first. If you must use real accounts, consider encrypting the data directory or avoiding storing long-lived cookies in this skill. If you want, I can highlight exact lines/places to inspect (e.g., where cookies are written, where external network calls occur) or scan the remaining truncated files for suspicious behavior.