ZSXQ Digest
Review
Audited by ClawScan on May 10, 2026.
Overview
ZSXQ Digest appears purpose-aligned, but it needs access to your Knowledge Planet session token/cookies and stores local state, so treat it like an account-access tool.
Install only if you are comfortable giving the skill local access to your Knowledge Planet session. Keep `state/` out of git and backups you do not trust, avoid sharing token/cookie files or generated digests publicly, use allow/deny group configuration to keep scope narrow, and delete raw captured cookies after successful setup if they are not needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the token file could potentially access the user's Knowledge Planet account content.
The skill relies on a private Knowledge Planet session cookie/token that can grant access to the user's membership content. This is expected for the integration and is documented, but it is sensitive account material.
"cookie_name": "zsxq_access_token", "cookie_value": "<private>"
Keep `state/session.token.json` local and gitignored, do not paste it into shared chats or repos, and rotate/revoke the session if it is exposed.
If pointed at the wrong browser target or mishandled, browser cookie capture could expose more session data than the user intended.
The browser bootstrap can use Chrome DevTools Protocol access to retrieve cookies from a logged-in browser page. That is purpose-aligned for auth recovery, but it is a powerful browser-control capability.
`capture_browser_cookies.js` ... connect to an already opened browser page through its CDP `wsUrl` and call `Network.getCookies`
Only run the browser bootstrap against the intended ZSXQ tab, review local outputs, and delete raw captured cookie files after finalizing the narrower token file if they are no longer needed.
Private post contents or excerpts may appear in local outputs or model context, and untrusted post text should not be treated as instructions.
Private membership posts are collected and summarized as model context. This is core to the skill, but users should remember that the content may enter the agent's summarization context.
Use this skill to turn private Knowledge Planet activity into ... a compact daily briefing ... Apply hard limits to preview length and total digest input size before model summarization.
Limit the tracked groups and time window, avoid summarizing content you do not want processed by the agent, and treat all fetched post text as data rather than commands.
Local state files can reveal which private posts or groups were processed.
The skill persists local history of seen items for deduplication. The retention is bounded and purpose-aligned, but it still records activity metadata from private circles.
Use a bounded cursor file ... `ttl_days`: 7, `max_entries`: 500 ... `seen` maps stable `item_id -> unix_timestamp`.
Keep the `state/` directory private, maintain the documented TTL/max-entry bounds, and delete state files when you no longer want the history retained.
