ClawHub

语雀知识库导出

v1.0.1

将语雀知识库的所有文档导出为本地 Markdown 文件,保留目录结构。需要 Chrome DevTools MCP。

0· 166·0 current·0 all-time
by拾伍@sh1-5
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description (export Yuque repo to Markdown) match the runtime instructions: it drives a browser DevTools session, discovers book_id and catalog_nodes, fetches docs, converts HTML to Markdown, and preserves directory structure. It does not request unrelated binaries, env vars, or credentials.
Instruction Scope
Runtime instructions require navigating the user’s browser session, listing network requests, injecting a large client-side conversion function, and issuing fetch() calls with credentials: 'include' so the browser session cookies are used. This is necessary for the stated task but is a high-privilege operation: MCP will see network activity and the skill runs scripts inside the logged-in browser context. The SKILL.md shows care (avoids /api/v2/repos/) and limits API targets to Yuque endpoints, but the actions could access other network logs or pages in the same browser session if misused.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or written by an installer. Lowest-risk install posture.
Credentials
No environment variables, credentials, or config paths are requested. The skill relies on an existing, logged-in browser session via Chrome DevTools MCP, which is proportional for exporting a user's Yuque content.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or to modify other skills. It runs ad-hoc against the connected MCP session and does not ask to persist tokens or enable itself permanently.
Assessment
This skill operates inside a connected Chrome DevTools MCP browser session and will run scripts and fetch requests using your logged-in Yuque session (cookies). That behavior is required to export private docs, but it means the skill has access to whatever the current browser profile can access. Before using: 1) only run with a browser/profile you trust and that is logged in to Yuque; 2) close or avoid having other sensitive sites open in that profile while the MCP session is used; 3) confirm the skill will only fetch yuque.com endpoints (SKILL.md indicates it targets Yuque APIs); and 4) if you have doubts, ask the publisher for the source or a code review — because this is instruction-only from an unknown source, exercise caution. If you want maximum safety, perform the export using a dedicated browser profile or session created solely for this task.

Like a lobster shell, security has layers — review code before you run it.

latestvk97crc0kyysqphc5t0c08g9mmn83gx2f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments