Tencent Doc Update Watcher
v0.1.1
Privacy-first re-crawl and diff workflow for Tencent Docs (docs.qq.com) update checks. Use when asked to re-crawl Tencent Docs links, verify whether content...
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's code implements re-crawling docs.qq.com, extracting opendoc payloads, and producing manifests/reports which is consistent with the description. However, the runtime requires the system 'curl' binary (the script calls curl via subprocess) even though the skill metadata lists no required binaries — this mismatch is unexpected and should be corrected or documented.
Instruction Scope
The SKILL.md instructs running the included Python script with a workspace path; the script's behavior matches that scope: it fetches HTML/opendoc payloads, parses and diffs them, writes snapshot manifests and a report, and removes raw files by default. The only notable scope expansion is the optional --keep-raw flag which will persist raw HTML, opendoc JS, headers, and cookies — these files may contain sensitive tokens and should be used only for debugging.
Install Mechanism
There is no install spec (no packages downloaded or installed), only a Python script included. This is low-risk from an installer perspective, but the package is not purely 'instruction-only' in practice because it bundles executable code that will be written to disk when installed by the platform.
Credentials
The skill does not request environment variables, credentials, or config paths. The operations it performs (HTTP fetches of docs.qq.com) are proportional to its stated purpose. Note: temporary cookie/header files are created in the workspace and may contain tokens if documents or the site use them.
Persistence & Privilege
'always' is false and the skill does not request persistent platform privileges. It stores snapshots and manifests under a user-specified workspace only; it does not alter other skills or global agent configuration.
What to consider before installing
What to consider before installing/using this skill:
- The included Python script calls the system 'curl' command to fetch pages. The skill metadata does not declare any required binaries; ensure 'curl' is present or the script will fail.
- By default the skill deletes raw fetched files, but if you run it with --keep-raw it will save raw HTML, opendoc.js, HTTP headers, and cookie files in the workspace — those files can contain tokens or other sensitive data. Only enable --keep-raw in a trusted/debug setting and inspect files before sharing.
- The script only contacts docs.qq.com (it builds opendoc URLs and fetches them). If you provide a config with other URLs, those will be fetched; only run with document lists you trust.
- Run the tool in an isolated workspace directory (not a system or home directory) to avoid accidental overwrites; inspect the snapshots/manifest/report outputs before sharing them.
- If you need stronger assurance, open and review the full scripts/check-qq-doc-updates.py source included here (it is bundled) to verify there are no additional network endpoints or hidden behaviors, and consider running it in a disposable environment first.
- If you maintain the skill registry entry, correct the metadata to declare curl (or make the script use Python HTTP libs) so the declared requirements match actual runtime needs.
Like a lobster shell, security has layers — review code before you run it.
i18n, latest, privacy
Tencent Doc Update Watch
Overview
Use this skill to re-crawl Tencent Docs links and detect updates with snapshot diffing. The workflow outputs:
- manifest.json (structured machine-readable result)
- report.md (human-readable diff summary)
Quick Run
Run with default doc list:
python scripts/check-qq-doc-updates.py \
--config references/default-docs.json \
--workspace /tmp/tencent-doc-watch
Run with explicit baseline:
python scripts/check-qq-doc-updates.py \
--config /abs/path/my-docs.json \
--workspace /tmp/tencent-doc-watch \
--compare /tmp/tencent-doc-watch/snapshots/20260305_101500/manifest.json
Privacy Defaults
Default behavior is privacy-first:
- Raw HTML/opendoc/cookie files are removed after parsing.
- URL query values are redacted in opendoc_url fields.
- Public URL in manifest removes query strings to avoid leaking tokens.
Keep raw files only when explicitly needed for debugging:
python scripts/check-qq-doc-updates.py \
--config references/default-docs.json \
--workspace /tmp/tencent-doc-watch \
--keep-raw
Config Format
Use JSON:
{
  "docs": [
    {
      "name": "Example Sheet",
      "url": "https://docs.qq.com/sheet/DEXAMPLE_SHEET_001?tab=sample"
    },
    {
      "name": "Example Doc",
      "url": "https://docs.qq.com/doc/DEXAMPLE_DOC_001"
    }
  ]
}
Optional field:
- id: Tencent doc ID (auto-parsed from URL when omitted)
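The rules described under Privacy Defaults and Config Format, as an added example (not the skill's own code): it accepts only https docs.qq.com URLs from a config and derives the query-stripped and value-redacted forms that are safe to log or share. The function names, the output keys and the REDACTED marker are assumptions; the sample config is constructed.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

ALLOWED_HOST = "docs.qq.com"  # the only host the skill is described as contacting
PLACEHOLDER = "REDACTED"      # assumed marker; the skill's real marker is not shown


def check_doc_url(url):
    """Return url if it is an https docs.qq.com link, else raise ValueError."""
    parts = urlsplit(url)
    # Exact netloc match (not a substring test) rejects look-alike hosts,
    # embedded userinfo (user@host) and explicit ports.
    if parts.scheme != "https" or parts.netloc.lower() != ALLOWED_HOST:
        # Report only the hostname so a bad entry cannot leak tokens via logs.
        raise ValueError(f"not an https {ALLOWED_HOST} URL (host={parts.hostname})")
    return url


def strip_query(url):
    """Drop query string and fragment (the 'public URL in manifest' rule)."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, "", ""))


def redact_query_values(url):
    """Keep parameter names but replace every value (the opendoc_url rule)."""
    p = urlsplit(url)
    pairs = [(k, PLACEHOLDER) for k, _ in parse_qsl(p.query, keep_blank_values=True)]
    return urlunsplit((p.scheme, p.netloc, p.path, urlencode(pairs), ""))


def load_docs(config):
    """Validate a parsed config dict and return log-safe entries."""
    out = []
    for doc in config["docs"]:
        url = check_doc_url(doc["url"])
        out.append({"name": doc["name"],
                    "public_url": strip_query(url),
                    "redacted_url": redact_query_values(url)})
    return out


# Constructed sample in the page's config format; the token value is made up.
SAMPLE = {"docs": [
    {"name": "Example Sheet",
     "url": "https://docs.qq.com/sheet/DEXAMPLE_SHEET_001?tab=sample&token=abc123"},
]}

if __name__ == "__main__":
    for entry in load_docs(SAMPLE):
        print(entry)
```

Running a check like this over a config before handing it to the watcher rejects any entry that would send a fetch to a host other than docs.qq.com.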
Output and Status
Generated under <workspace>/snapshots/<label>/:
- manifest.json
- report.md
- raw/ only when --keep-raw is enabled
Report status values:
- UNCHANGED
- CHANGED
- NEW
- FIRST_RUN
Key Detection Signals
Comparison currently checks:
- last_modify_ms
- rev
- cgi_code
- title
- pad_type
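Chinese Supplement
This Skill codifies the "re-crawl Tencent Docs + compare against historical snapshots" workflow. A privacy-minimization policy is enabled by default:
- Raw fetched content is not persisted (unless --keep-raw is added)
- Query parameters in opendoc_url are redacted
- Query parameters of the page URL are removed in manifest.json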
