投票鸭助手

The skill's code, instructions, and required credentials are consistent with a Toupiaoya voting/template client: it contacts Toupiaoya APIs, stores/uses an X-Openclaw-Token, and can upload files to Tencent COS — nothing in the package appears unrelated to the stated purpose.

This skill appears to do what it says, but before installing or running it: (1) inspect the code (present in scripts/) if you have concerns; (2) be aware it persists your X-Openclaw-Token to ~/.toupiaoya/config.json (check file permissions and contents); (3) the upload command will read any local file path you pass — avoid uploading sensitive files; (4) the upload flow requires installing cos-python-sdk-v5 from PyPI (verify the package source before pip installing); (5) if you prefer not to persist your token, pass it via --access-token for one-off runs instead of doing login; and (6) do not run with elevated privileges and review network endpoints if you need higher assurance.