Zhihu Assistant

This skill appears to do what it says, but review a few things before installing: - Sensitive credentials: the skill requires a Zhihu login cookie and an LLM API key. Only paste these into OpenClaw config and never commit them to a repository. Consider using a throwaway account or scope-limited API key if possible and rotate credentials after testing. - Verify cron behavior: SKILL.md claims scheduled tasks will be created automatically, but the provided install.sh does not create cron entries. If you rely on scheduling, either add cron jobs yourself or confirm how OpenClaw will schedule the skill. - Check the LLM endpoint: the code supports Kimi/Doubao and has multiple base_url defaults in different files; confirm the API endpoint you configure is the intended one and that you trust that provider. - Unnecessary dependencies: install.sh installs packages (openai, httpx) that the code doesn't use. This is not necessarily malicious, but it increases installed surface area—inspect and remove unused dependencies if you prefer a minimal environment. - OpenClaw CLI dependency: runtime code uses 'openclaw config get' via subprocess. Ensure the OpenClaw CLI is present and that you understand what config entries the skill will read. - Review the remainder of main.py (it was truncated here): ensure there are no hidden network calls or logic that would send collected data (cookies, drafts, logs) to unexpected third-party endpoints. If you want stronger assurance, run the skill in an isolated environment (VM or container) and monitor outbound network traffic during a test run. If you provide the full, untruncated main.py code I can re-check the remaining runtime behaviors and raise or lower my confidence accordingly.