ClawHub

Juejin Publisher

v1.0.3

掘金文章自动发布技能。通过掘金官方 API(Cookie 鉴权),支持将 Markdown 文章一键发布到稀土掘金平台,支持设置分类、标签、摘要和封面图。

1· 301·1 current·1 all-time
by巫山老妖@devilwwj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included Python scripts which call api.juejin.cn to create drafts and publish articles. The only minor mismatch is that the SKILL.md metadata and registry metadata list 'curl' as a required binary while the provided scripts use Python's urllib and do not call curl — curl appears unnecessary but not malicious.
Instruction Scope
Runtime instructions explicitly say the skill will read a local juejin.env or environment variable to obtain the JUEJIN_COOKIE and then call the official 掘金 API endpoints. The scripts only read the declared config file / environment variables and the Markdown file to be published; they don't read other system files or contact unexpected external endpoints.
Install Mechanism
No install spec (instruction-only + shipped scripts). No external downloads or archive extraction. The package includes Python scripts and docs only — low install risk.
Credentials
The skill requires access to a login Cookie (JUEJIN_COOKIE), which is necessary for cookie-based auth to the 掘金 API and is described in SKILL.md. That credential is sensitive — but its use is proportionate to the stated purpose. The package also reads optional env vars for default category/tag IDs. The metadata did not list required env vars in the registry, but the SKILL.md documents which values are needed.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or global agent settings. It only reads a local config file in its own skill folder and environment variables; no elevated persistence or privileges are requested.
Assessment
This package appears to do exactly what it says: read a local juejin.env or JUEJIN_COOKIE environment variable and publish Markdown to api.juejin.cn. Before installing/using it, consider: 1) The JUEJIN_COOKIE is equivalent to a logged-in session — treat it as a secret. Only store it in secure, private locations and rotate/revoke it if you suspect compromise. 2) Test with --draft-only first to confirm behaviour. 3) The metadata unnecessarily lists curl as required even though the Python scripts don't use it — this is a minor inconsistency but not a security problem. 4) Review the scripts yourself (they are included) if you will run this in a shared or production environment. If you plan to run the skill in an environment accessible by others, avoid placing the Cookie in a world-readable file.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bfmhfn4e4g8b25da3197mj182v12g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

⛏️ Clawdis
Binspython3, curl

Comments