Xianyu Auto-Reply Assistant (闲鱼自动回复助手)
Result: Pass. Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill automates Xianyu (Goofish) message replies by requiring users to provide their browser Cookie, which is a high-risk credential providing full account access. While the implementation in `xianyu_monitor.py` and `xianyu_api.py` appears to communicate only with official Xianyu and DingTalk domains (e.g., `wss-goofish.dingtalk.com`) and stores data locally in `~/.xianyu-agent/`, the handling of sensitive session tokens and the execution of background monitoring processes are inherently risky. The skill uses local AI CLI tools like `claude` or `openclaw` to generate replies, and includes a custom MessagePack decoder in `xianyu_utils.py` to handle Xianyu's binary WebSocket protocol, but no clear evidence of intentional malice or data exfiltration to third-party servers was detected.
