Zhihu Automation Skill
Audited by ClawScan on May 15, 2026.
Overview
This skill is mostly purpose-aligned for Zhihu automation, but it uses persistent Zhihu session cookies that let it publish and interact publicly under the user's account, and that high-impact account authority is neither reflected in the registry metadata nor enforced consistently in code.
Only install it if you are comfortable giving it persistent logged-in access to your Zhihu account. Try it on a test account or in sandbox mode first, protect the `.env` file and `ZHIHU_COOKIE_KEY`, and require the agent to show the exact post, comment, or follow action for explicit approval before anything is published or changed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent invokes this path too early or with the wrong content, it posts publicly under the user's Zhihu account.
This script performs a public Zhihu answer submission once invoked. SKILL.md says public actions should wait for a preview and explicit confirmation, but this code path contains no in-script preview or confirmation gate; nothing stands between the call and a live post except the click itself.
await submitBtn.click();                      // the public mutation: no flag or token is checked before this
await humanDelay(2000, 4000);
answerLog.info('✅ 回答已提交');               // log text: "Answer submitted"
return { status: 'submitted', questionId, url };
Require a hard confirmation flag or confirmation token for all public mutations, and default to draft/sandbox/preview mode unless the user explicitly approves the exact content and target.
A user may install expecting a read/search helper, while the skill actually needs persistent session material that can act as their Zhihu account.
The registry-level credential contract says no credentials or environment variables are needed, but SKILL.md requires `ZHIHU_COOKIE_KEY` and documents encrypted Zhihu cookie storage for logged-in account automation.
Required env vars: none
Env var declarations: none
Primary credential: none
Declare the Zhihu cookie/session requirement and `ZHIHU_COOKIE_KEY` in registry metadata, and clearly label the skill as able to perform logged-in public account actions.
Anyone who can read the key (from terminal scrollback or session logs, or from the project `.env`) together with the cookie file can decrypt the saved Zhihu session.
The setup script writes the cookie encryption key to a local `.env` file and prints the key to the terminal. This is local and user-directed, but the key protects the persistent Zhihu cookie store.
writeFileSync(envPath, content);              // default mode (0o666 masked by umask, typically 0o644): readable by other local users
setupLog.info('密钥已生成并保存到 .env');     // log text: "Key generated and saved to .env"
console.log(` 🔑 密钥: ${key}`);              // prints "Key: <key>" in clear to the terminal
Avoid printing secrets, create the `.env` with restrictive permissions, and advise users to store the key in a system keychain or protected secret manager.
Running setup will execute npm/Playwright installation steps on the user's machine.
The setup flow runs local package installation and downloads a Playwright browser. This is expected for browser automation, but it is executable setup behavior despite the registry saying there is no install spec.
execSync('npm install', { cwd: ROOT, stdio: 'inherit', timeout: 120000 });                    // resolves and installs dependencies, running their lifecycle scripts
execSync('npx playwright install chromium', { cwd: ROOT, stdio: 'inherit', timeout: 120000 }); // downloads a Chromium build matching the installed playwright version
Keep setup manual and clearly documented, pin dependencies where possible, and ensure users review the package before running npm install or Playwright installation.
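Two pre-install checks that cover the metadata finding above (`ZHIHU_COOKIE_KEY` required but not declared) and this one (unpinned dependencies), as an added example that is neither ClawScan's scanner nor the skill's code: it lists `process.env` names the source reads that the manifest does not declare, and dependencies whose version is a range rather than an exact pin. The manifest shape `{ requiredEnv: [...] }`, the function names, and the sample inputs are constructed assumptions; real registry schemas differ.

```javascript
// Added example: static checks a user can run over a skill's files before installing it.
// Not ClawScan's scanner and not the skill's own code.

// Matches process.env.NAME and process.env['NAME'] / process.env["NAME"].
const ENV_REF = /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*['"]([A-Za-z_][A-Za-z0-9_]*)['"]\s*\])/g;

function envVarsReferenced(sourceText) {
  const found = new Set();
  for (const m of sourceText.matchAll(ENV_REF)) found.add(m[1] || m[2]);
  return [...found].sort();
}

// Env vars the code reads that the registry manifest does not declare.
function undeclaredEnvVars(sourceText, declared) {
  const declaredSet = new Set(declared);
  return envVarsReferenced(sourceText).filter((v) => !declaredSet.has(v));
}

// Exact semver pin (x.y.z with optional prerelease/build); anything else (^, ~, *, >=, tags, URLs) is a range.
const EXACT_PIN = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function unpinnedDependencies(packageJson) {
  const out = [];
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(packageJson[field] || {})) {
      if (!EXACT_PIN.test(spec)) out.push({ name, spec, field });
    }
  }
  return out;
}

// Assumed manifest shape: { requiredEnv: [...] }. Sources are the skill's script files read as text.
function auditSkill({ manifest, sources, packageJson }) {
  const declared = (manifest && manifest.requiredEnv) || [];
  return {
    undeclaredEnv: undeclaredEnvVars(sources.join('\n'), declared),
    unpinned: unpinnedDependencies(packageJson),
  };
}

// Constructed sample modelled on the findings: the registry declares no env vars, the code reads
// ZHIHU_COOKIE_KEY (and a second variable), and playwright is a caret range rather than a pin.
const SAMPLE = {
  manifest: { requiredEnv: [] },
  sources: [
    "const key = process.env.ZHIHU_COOKIE_KEY;",
    "const headless = process.env['HEADLESS'] !== 'false';",
  ],
  packageJson: { dependencies: { playwright: '^1.40.0', dotenv: '16.4.5' } },
};
```

Run `auditSkill` over the unpacked skill before `npm install`; a non-empty `undeclaredEnv` means the registry contract understates what the skill needs, and a non-empty `unpinned` list means the installed tree can differ from what was reviewed. With a committed lockfile, `npm ci --ignore-scripts` installs exactly the reviewed versions without running dependency lifecycle scripts, and pinning `playwright` also pins the Chromium build that `npx playwright install chromium` fetches.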
