Zhihu Assistant

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its stated Zhihu draft-generation workflow, but it asks for a full Zhihu browser cookie and advertises hourly automation, so its credential and background-use boundaries need review.

Review this skill before installing. It is not showing clear malicious behavior in the provided files, but you should be comfortable providing a Zhihu browser cookie and AI API key, verify whether hourly cron jobs are created, use a virtual environment or pinned dependencies, and clear local draft/log data when no longer needed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the cookie is exposed or mishandled, it could act like your logged-in Zhihu session, not just a harmless hot-list key.

Why it was flagged

The skill asks the user to copy a full logged-in browser Cookie rather than a scoped read-only token. That is broad account/session authority, even though the provided code appears to use it for Zhihu hot-list requests.

Skill content
### 1. Zhihu Cookie (required)

Copy the Zhihu Cookie from the browser developer tools ... openclaw config set skills.zhihu-assistant.zhihu_cookie "your_zhihu_cookie_here"
Recommendation

Use a dedicated or low-risk Zhihu account if possible, rotate/revoke the cookie after use, prefer secure secret entry over pasting secrets into shell history, and install only if you are comfortable granting this session access.

Note
Medium Confidence
ASI10: Rogue Agents
What this means

The skill may make regular network/API calls and generate drafts on a schedule, which can create notifications or consume API quota.

Why it was flagged

The documentation describes recurring background jobs that would use the configured cookie and API key without per-run prompts. This is disclosed and purpose-aligned, but it is still persistent autonomous activity.

Skill content
After installation, the following scheduled tasks are created automatically ... zhihu-fetch | minute 0 of every hour ... zhihu-notify | minute 5 of every hour
Recommendation

Check OpenClaw cron entries after installation, disable scheduled jobs if you only want manual use, and set conservative fetch limits.

What this means

Package versions could change over time, and system-level package changes can affect other Python tools.

Why it was flagged

The install script installs unpinned Python packages and may fall back to modifying the system Python environment. This is a common setup pattern, but it increases dependency/provenance and environment-impact risk.

Skill content
pip3 install -q pyyaml requests httpx openai ... || pip3 install --break-system-packages -q pyyaml requests httpx openai
Recommendation

Install in a virtual environment if possible, pin dependency versions, and review package sources before running the installer.

What this means

Draft answers and activity history may remain available locally after use.

Why it was flagged

The skill persistently stores generated drafts, question IDs, queue status, and operation logs. This is aligned with deduplication and review-queue features, but it means generated content remains on disk.

Skill content
data/answered.json: list of answered question IDs
- data/pending.json: queue pending review
- logs/operation.log: operation log
Recommendation

Periodically review or delete the skill's data/log files if you do not want long-term retention.