MemoleCard-zh

The skill script in SKILL.md automates article-to-card conversion on moccard.com but includes a high-risk 'backup download' routine. This mechanism extracts the browser's active session cookies (document.cookie) and transmits them via curl to an external IP address provided in the {{ip}} variable. While this is presented as a functional fallback for downloading generated files, the extraction and transmission of session tokens to a remote endpoint is a classic data exfiltration pattern and poses a significant risk of session hijacking.