1lou Auto Follow

v1.0.0

管理追剧清单，自动检查并推送1lou网站的最新剧集更新。

⭐ 0· 81·0 current·0 all-time

by@bluepop1991-cloud

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bluepop1991-cloud/1lou-auto-follow.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "1lou Auto Follow" (bluepop1991-cloud/1lou-auto-follow) from ClawHub.
Skill page: https://clawhub.ai/bluepop1991-cloud/1lou-auto-follow
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install 1lou-auto-follow

ClawHub CLI

Package manager switcher

npx clawhub@latest install 1lou-auto-follow

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The stated purpose—manage a watchlist and check 1lou site updates—matches what the code mostly does (web-scrape and report). However there are inconsistencies: SKILL.md prioritizes domains starting with 1lou.me → .one → .icu, while index.js's DOMAINS order is different and the parser always builds result URLs using https://1lou.icu regardless of the chosen domain. SKILL.md expects a watchlist field named search_keyword, but index.js reads item.keyword. These mismatches mean the implementation does not reliably do exactly what the documentation claims.

Instruction Scope

SKILL.md contains operational steps beyond what index.js implements: it describes automatic torrent downloads via curl, browser-download fallback, looking through temp/playwright artifact directories, and adding torrents to qBittorrent (and references local qBittorrent and n8n hosts). The index.js provided only reads a watchlist, performs searches using curl, parses HTML and returns a report — it does not perform downloads, inspect temp folders, or interact with qBittorrent. The SKILL.md also instructs checking specific local paths (/Users/bluepop/... and /var/folders/...), which is privacy-sensitive and grants the agent broad discretion in the real instructions.

✓

Install Mechanism

This is instruction-plus-code with no install spec; nothing is downloaded or written during install. No external install URLs or packaged installers are present.

ℹ

Credentials

The skill requests no environment variables or credentials, which is proportionate. However SKILL.md hardcodes a user-specific watchlist path (/Users/bluepop/...) and local service addresses (qBittorrent and n8n at 192.168.1.38) — these are configuration assumptions that may be inappropriate for other users and imply access to local files and LAN services if the skill were extended to act on them. The mismatch between 'search_keyword' (doc) and 'keyword' (code) is also a configuration inconsistency.

✓

Persistence & Privilege

The skill is not marked always:true and does not request any platform-level persistence. It is user-invocable and can be run autonomously per platform defaults; that alone is expected. The code does read a file in the user's home directory but does not modify other skills or global configuration.

What to consider before installing

This skill is suspicious rather than clearly malicious. Things to consider before installing or running it: - The documentation and the code disagree in several ways (domain priority, watchlist field name, and whether the skill auto-downloads and adds torrents). That inconsistency could be a sign of sloppy engineering or an incomplete/partially-implemented skill. Don't assume the SKILL.md behavior (automatic torrent downloads, browser automation, checking temp folders, qBittorrent uploads) is implemented just because it's documented. - The code runs shell commands via execSync (curl). This is expected for web-scraping but gives the skill ability to run arbitrary shell commands if the code were changed. Review any user-provided inputs that could be injected into shell commands. In the provided code, the search URL is URL-escaped, which reduces injection risk. - The skill hardcodes a specific user path (/Users/bluepop/...) and LAN addresses (192.168.1.38). If you are not that user or don't want it to access those paths/hosts, do not run it as-is. Prefer configuration options or environment variables rather than hardcoded paths/IPs. - If you want automatic adding of torrents to qBittorrent, insist on a clear, auditable mechanism (qBittorrent Web API with authenticated calls), rather than file-system scraping or opening browser downloads. - Recommendations: (1) Fix the field-name mismatch (search_keyword vs keyword) and make the watchlist path configurable (or relative). (2) Make domain selection and result URLs consistent (use the selected domain when building result links). (3) Remove or explicitly gate instructions that walk arbitrary local temp directories. (4) If automatic downloads are required, implement authenticated API calls to qBittorrent and avoid shelling out to browsers or scanning system temp folders. (5) Run the code in a sandbox and review/modify hardcoded paths/addresses before use. If you don't have the ability to audit or test the code safely, treat this skill as untrusted and avoid installing or running it on your main machine.

✗

index.js:11

Shell command execution detected (child_process).

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk971x8ex7mqts69ky7js5g2kns84088a

81downloads

0stars

1versions

Updated 3w ago

v1.0.0

MIT-0

1lou自动追剧

网站域名（按优先级）

连接检测与重试

首次尝试连接首选域名 https://1lou.me
如果连接失败（超时/ERR_CONNECTION_TIMED_OUT），自动切换到下一个域名
切换顺序：1lou.me → 1lou.one → 1lou.icu → 1lou.xyz → 1lou.info → 1lou.vip → 1lou.pro
每个域名至少重试2次
选择第一个能够成功连接的域名进行搜索和下载

重要：检测网站可用性时，只检测以下域名，不要自行尝试其他域名：

1lou.me（首选）
1lou.one
1lou.icu
1lou.xyz
1lou.info
1lou.vip
1lou.pro
不要检测：1lou.com, 1lou.cc, 1lou.net（这些域名不存在！）

触发条件

定时任务触发（每天凌晨4点）
用户询问追剧相关功能

追剧清单文件

路径：/Users/bluepop/.openclaw/scripts/drama_watchlist.json

格式：

{
  "drama_list": [
    {
      "name": "剧名",
      "downloaded_episodes": [1, 2, 3],
      "search_keyword": "搜索用的关键字"
    }
  ]
}

重要：search_keyword是成功下载时使用的搜索关键字，后续自动追剧时使用该关键字搜索。

工作流程（定时任务）

1. 检查清单

读取drama_watchlist.json
如果为空，回复"追剧清单为空，任务跳过"

2. 搜索更新

按以下顺序尝试连接：1lou.me → 1lou.one → 1lou.icu → 1lou.xyz → 1lou.info → 1lou.vip → 1lou.pro
使用第一个能够成功连接的域名
对清单中的每个剧进行搜索
使用search_keyword字段进行搜索（不是用name）

3. 过滤规则（重要！必须先过滤再计数）

先过滤，后计数！

排除包含以下关键词的资源：

网盘
夸克
片源
无字

过滤后再提取集数信息，计算可下载的新集数。

4. 推送结果

格式：剧名 | 集数 | 大小 | 链接
无论是否有新资源，都要告知用户检查结果

5. 用户确认下载后，添加种子到qBittorrent

第一步：先尝试curl命令下载

curl -sL -o /tmp/xxx.torrent "https://1lou.one/attach-download-xxxxx.htm"

如果curl成功，直接用种子文件添加到qBittorrent
如果curl失败，尝试其他域名或用浏览器下载
重试：最多3次

第二步：使用浏览器下载

用浏览器打开种子下载链接
检查以下位置（按顺序）：
- 临时目录：/var/folders/0g/tdp7p0zn7x3gbbtyysptxrvm0000gn/T/playwright-artifacts-*/
- 下载目录：/Users/bluepop/Downloads/
找到最新的BitTorrent文件
复制到Downloads目录（如在临时目录）
用找到的文件添加到qBittorrent

重试：最多3次

6. 更新追剧清单

下载完成后，更新drama_watchlist.json中的downloaded_episodes

加入追剧清单

用户手动搜索并下载某剧集
下载完成后，询问用户是否加入追剧
用户确认后，更新drama_watchlist.json
- 记录downloaded_episodes
- 记录search_keyword（本次搜索使用的关键字）

退出追剧清单

用户手动告诉退出某剧集，从drama_watchlist.json中移除

定时任务配置

任务名称：1lou追剧推送
执行时间：每天凌晨4:00
任务ID：bd2e8e58-2c7c-4cbc-879f-c7a546793efb

服务配置

1lou：https://1lou.me（首选）→ 1lou.one → 1lou.icu → 1lou.xyz → 1lou.info → 1lou.vip → 1lou.pro
qBittorrent：192.168.1.38:8085
n8n：192.168.1.38:5678

Comments

Loading comments...