Juejin Publisher

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a legitimate Juejin publishing helper, but it uses your logged-in Cookie and can publish articles publicly to your account.

Install only if you are comfortable giving the skill a Juejin session Cookie and letting it publish to your account. Keep the Cookie file private, verify the exact Markdown file and metadata before use, and prefer draft-only mode when you want to review before public posting.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A mistaken invocation or wrong file path could publish content to the user's Juejin account instead of only preparing a draft.

Why it was flagged

After creating a draft, the default code path publishes it unless --draft-only is supplied. That is the skill's intended behaviour, but publishing is a public action on the user's account, so a wrong file or mistyped invocation goes live rather than stopping at a reviewable draft.

Skill content
article_id = publish_draft(draft_id, cookie)
Recommendation

Use --draft-only for review workflows, verify the Markdown file, title, category, and tags before publishing, and ask the agent to create a draft first if you do not want immediate public posting.
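The draft-first pattern the recommendation describes, as an added example that is not the skill's own code: the draft is always created, and the publish step (the same create-then-publish sequence the flagged `publish_draft(draft_id, cookie)` line belongs to) only runs when the caller opts in and repeats the exact title. `FakeJuejinApi` stands in for the real Juejin API so the script runs offline, and the `--publish` / `--confirm-title` flags are this example's own design, not flags the skill documents.

```python
# Added example: a draft-first wrapper around create_draft/publish_draft.
# Not the skill's code. FakeJuejinApi only records calls so this runs offline;
# the --publish and --confirm-title flags are assumptions of this example.
import argparse
from dataclasses import dataclass, field
from pathlib import Path
from typing import List, Optional


@dataclass
class FakeJuejinApi:
    """Offline stand-in for the Juejin API that records what was called."""
    calls: list = field(default_factory=list)

    def create_draft(self, title: str, markdown: str, cookie: str) -> str:
        self.calls.append(("create_draft", title))
        return f"draft-{len(self.calls)}"

    def publish_draft(self, draft_id: str, cookie: str) -> str:
        self.calls.append(("publish_draft", draft_id))
        return f"article-{draft_id}"


def validate_article(title: str, markdown: str, tags: List[str]) -> None:
    """Reject empty metadata before anything touches the account."""
    if not title.strip():
        raise ValueError("title is empty")
    if not markdown.strip():
        raise ValueError("markdown body is empty")
    if not tags:
        raise ValueError("at least one tag is required")


def publish_flow(api, cookie: str, title: str, markdown: str, tags: List[str],
                 publish: bool = False, confirm_title: Optional[str] = None) -> dict:
    """Always create a draft; publish only on an explicit, confirmed request.

    This inverts a default-publish path: the caller must pass publish=True AND
    repeat the exact title, so a wrong file stops at the draft stage.
    """
    validate_article(title, markdown, tags)
    draft_id = api.create_draft(title, markdown, cookie)
    if not publish:
        return {"draft_id": draft_id, "article_id": None}
    if confirm_title != title:
        raise ValueError(
            f"refusing to publish: confirmation {confirm_title!r} != title {title!r}")
    article_id = api.publish_draft(draft_id, cookie)
    return {"draft_id": draft_id, "article_id": article_id}


def main(argv=None) -> dict:
    parser = argparse.ArgumentParser(description="draft-first Juejin publish example")
    parser.add_argument("markdown_file", type=Path)
    parser.add_argument("--title", required=True)
    parser.add_argument("--tag", action="append", default=None)
    parser.add_argument("--publish", action="store_true",
                        help="publish after drafting (default: draft only)")
    parser.add_argument("--confirm-title",
                        help="must equal --title when --publish is given")
    args = parser.parse_args(argv)
    if args.markdown_file.suffix.lower() != ".md":
        parser.error(f"{args.markdown_file} is not a .md file")
    markdown = args.markdown_file.read_text(encoding="utf-8")
    cookie = "sessionid=constructed-example"  # constructed; real code loads juejin.env
    result = publish_flow(FakeJuejinApi(), cookie, args.title, markdown,
                          args.tag or [], publish=args.publish,
                          confirm_title=args.confirm_title)
    print(result)
    return result


if __name__ == "__main__":
    main()
```

Run as `python publish_example.py post.md --title "My post" --tag python` to get a draft only; adding `--publish --confirm-title "My post"` is the only way to reach `publish_draft`. The confirmation check sits after draft creation on purpose: a mismatch still leaves a reviewable draft, never a public article.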

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone with access to that Cookie may be able to use the user's Juejin session until it expires or is revoked.

Why it was flagged

The skill asks the user to copy a full browser Cookie, which is a session credential that lets the script act as the logged-in Juejin user.

Skill content
Find the `Cookie` field under Request Headers and copy its full contents.
Recommendation

Store juejin.env securely, avoid putting the Cookie in shell history or shared logs, rotate/logout the session if exposed, and consider using the shortest-lived credential available.
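How the "store juejin.env securely" advice looks in code, as an added example that is not the skill's own: the file is created with owner-only permissions from the first write, a loader refuses a file other users can read, the Cookie is taken from a hidden prompt rather than argv (so it never lands in shell history or `ps` output), and a redactor masks cookie values before anything is logged. The file name `juejin.env` comes from the report; the `JUEJIN_COOKIE` variable name and the helper names are this example's assumptions.

```python
# Added example: treating the Juejin session Cookie as a secret on disk.
# Not the skill's code. JUEJIN_COOKIE is an assumed variable name.
import os
import stat
import sys
import tempfile
from getpass import getpass
from pathlib import Path
from typing import Optional

ENV_VAR = "JUEJIN_COOKIE"  # assumption: the key used inside juejin.env


def write_env(env_path: Path, cookie: str) -> None:
    """Create juejin.env as 0600 from the first write.

    os.open with mode 0o600 avoids the window where a default-umask file is
    group/world readable before a later chmod; the chmod afterwards tightens
    a file that already existed with a looser mode.
    """
    fd = os.open(env_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(f"{ENV_VAR}={cookie}\n")
    os.chmod(env_path, 0o600)


def load_cookie(env_path: Path) -> str:
    """Read the Cookie, refusing a file that other users can read."""
    mode = stat.S_IMODE(env_path.stat().st_mode)
    if mode & 0o077:
        raise PermissionError(
            f"{env_path} is group/world accessible (mode {oct(mode)}); chmod 600 it")
    cookie: Optional[str] = None
    for raw in env_path.read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == ENV_VAR:
            cookie = value.strip().strip("'\"")
    if not cookie:
        raise ValueError(f"{ENV_VAR} is not set in {env_path}")
    return cookie


def redact_cookie(cookie: str) -> str:
    """Keep cookie names, mask every value; safe for logs and error messages."""
    parts = []
    for item in cookie.split(";"):
        name, sep, _ = item.strip().partition("=")
        if name:
            parts.append(f"{name}=***" if sep else name)
    return "; ".join(parts)


def store_from_prompt(env_path: Path) -> None:
    """Take the Cookie from a hidden prompt, not argv or an env assignment."""
    cookie = getpass("Paste the Juejin Cookie header value: ")
    write_env(env_path, cookie)
    print(f"stored {redact_cookie(cookie)} in {env_path}", file=sys.stderr)


def permission_self_check() -> dict:
    """Round-trip a constructed cookie through a temp file and show that a
    loosened mode is rejected. Returns the observations for inspection."""
    sample = "sessionid=constructed123; uid=42"  # constructed sample, not a real session
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "juejin.env"
        write_env(p, sample)
        created_mode = stat.S_IMODE(p.stat().st_mode)
        loaded = load_cookie(p)
        os.chmod(p, 0o644)  # simulate a careless chmod or a copy via umask 022
        try:
            load_cookie(p)
            rejected = False
        except PermissionError:
            rejected = True
    return {"created_mode": created_mode, "round_trip_ok": loaded == sample,
            "loose_mode_rejected": rejected, "redacted": redact_cookie(sample)}


if __name__ == "__main__":
    path = Path(sys.argv[1] if len(sys.argv) > 1 else "juejin.env")
    if not path.exists():
        store_from_prompt(path)
    print("loaded:", redact_cookie(load_cookie(path)))
    print(permission_self_check())
```

If the Cookie does leak (pasted into a ticket, committed, or left in a shared log), the masking above does not help after the fact: log out of Juejin in the browser so the server-side session is invalidated, then re-create juejin.env with the new value.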

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Setup may fail or users may need to create the credential file manually, increasing the chance of misconfiguration.

Why it was flagged

The documentation references a juejin.env.example setup file, but the supplied manifest does not include that file, indicating a small packaging/documentation gap.

Skill content
cp /data/workspace/skills/juejin-publisher/juejin.env.example
Recommendation

Until the example file ships, create juejin.env by hand from the documented variables and check it once before running the skill. The maintainer should add the referenced juejin.env.example to the package and align the registry version with the version stated in the skill files.