Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CSDN Article Publishing (csdn文章发布)

v1.0.4

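Publishes Markdown articles to CSDN through a browser session that uses the user's profile directory. Supports saving drafts, previewing the layout, and publishing after manual confirmation; by default it keeps the browser open and reuses the login state.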


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for love254443233/csdn-article-publish-plus.

Install the skill "csdn文章发布" (love254443233/csdn-article-publish-plus) from ClawHub.
Skill page: https://clawhub.ai/love254443233/csdn-article-publish-plus
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install csdn-article-publish-plus

ClawHub CLI


npx clawhub@latest install csdn-article-publish-plus

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)

Purpose & Capability
The name/description match the code: the script reads a Markdown file, optionally appends a QR section from skill-config.json, opens a persistent Playwright Chromium context pointed at a browser profile directory to reuse login state, fills the editor, interacts with publish/save/preview buttons, screenshots the page, and emits a JSON result. Requesting access to a browser profile is coherent with 'reuse login session'.
Instruction Scope
Runtime instructions and the script stay within publishing scope: they read only the provided Markdown file and the skill's skill-config.json, operate in the browser editor page, and output a screenshot and JSON. Important scope notes: the script will open and reuse a browser profile (accessing cookies/session data in that profile) and will keep the browser process open by default (process.stdin.resume). It also uses heuristics (DOM selectors) to find editor fields, which may require updates if the site changes.
Install Mechanism
There is no install spec, yet the script requires Node and the Playwright package (require('playwright')). The skill does not declare these runtime dependencies or how to install them; without them the script will fail. This lack of declared install steps is a practical coherence gap (not necessarily malicious) that the user should address before running.
Credentials
The skill requests no external secrets or environment variables. It reads env-like values only from its own skill-config.json (CSDN_VERTICAL_QR_IMAGE_URL/CSDN_VERTICAL_QR_DESCRIPTION) to build the QR section — this is proportional to its publishing purpose.
Persistence & Privilege
always is false and the skill does not request to persist or modify other skills or system-wide agent settings. Its behavior of keeping the browser open and reusing the user's profile is a functional feature, not an elevated platform privilege; still, it has privacy implications (see guidance).
Assessment
What to consider before installing/running:

  • Dependencies: the script requires Node.js and the 'playwright' package (and a compatible Chromium build). The skill provides no install instructions; install Playwright yourself (npm i playwright) or provide an install spec first.
  • Browser profile access: the script intentionally opens your browser's profile directory to reuse login cookies. That gives it access to all sessions and cookies stored in that profile. Only run it on a browser profile you are comfortable exposing (recommend creating/using a dedicated profile for this skill).
  • Platform assumptions: default profile-path resolution targets macOS (Library/Application Support). On Linux/Windows you must pass --profile-dir explicitly or adjust the script.
  • Privacy: the skill takes a screenshot of the editor and prints the current page URL to stdout. If that contains sensitive details, consider where outputs are stored and who can see them.
  • Operation: by default the script keeps the browser process open (keeps the session alive); it will not exfiltrate data by itself, but it interacts with the live browser context, so review the script if you have concerns.
  • Configuration: check skill-config.json for the QR image URL and description before use to avoid adding unwanted content.

Recommended actions: inspect/verify the included script locally, run it with a dedicated browser profile, install Playwright in a controlled environment, and if you need broader platform support add or pass an explicit --profile-dir. If you want an install step, add a package.json and an install spec so dependencies are explicit.

Like a lobster shell, security has layers — review code before you run it.

latestvk97erwz6fmwqcmm0t571ghd23x84dzhw
123 downloads
1 star
5 versions
Updated 2w ago
MIT-0

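CSDN Article Publishing (session-persistent edition)

Core requirements

  • Use a browser session from the user's profile directory (Edge/Chrome) and reuse the existing login state.
  • By default, do not close the browser and do not lose the previous session.
  • Do not hard-code business details such as the article path, title, article ID, or tags; everything is parameterized.
  • The publishing flow has a built-in "page typesetting module", which by default runs before the content is filled into the editor.

Directory structure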

csdn-article-publish/
├── SKILL.md
├── skill-config.json
├── scripts/
│   └── csdn_browser_publish.js
└── docs/
    └── usage.md

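When to invoke

  • The user asks to "publish to CSDN", "save to CSDN drafts", or "preview first, then publish".
  • The user explicitly asks to keep the browser session and reuse the login state.

Script description (parameterized, nothing hard-coded)

Script: scripts/csdn_browser_publish.js

  • --mode draft: open the publish dialog and save a draft
  • --mode draft-preview: save the draft, then close the dialog and switch to preview
  • --mode publish: open the publish dialog and submit for publication

Common parameters:

  • --file <path to Markdown file>: required
  • --title <title>: optional; defaults to the file name
  • --article-id <article ID>: optional; if given, the specified draft is opened
  • --browser edge|chrome: optional; default edge
  • --profile-dir <browser user data directory>: optional; if omitted, the default user directory for the browser type is used
  • --keep-open true|false: optional; default true
  • --typeset true|false: optional; default true
  • --typeset-profile readable|compact: optional; default readable
  • --page-typeset true|false: optional; default true (page-level typesetting: tries to close the AI assistant sidebar and enter preview mode)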

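End-of-article QR code policy (read from the config file):

  • Read from the env field of skill-config.json:
    • CSDN_VERTICAL_QR_IMAGE_URL
    • CSDN_VERTICAL_QR_DESCRIPTION (optional)
  • If the configuration is absent, the placeholder prompt "请添加公众号二维码图片及相关说明" ("Please add the official-account QR code image and a related description") is appended automatically.

Typesetting module policy (before the editor is filled):

  • Normalize blank lines between headings/lists and body text
  • Normalize spacing before and after code blocks
  • Collapse abnormal runs of consecutive blank lines
  • readable: favors readability (recommended)
  • compact: favors compact display

Page typesetting module policy (browser page layer):

  • Automatically tries to close the AI assistant sidebar to enlarge the reading area
  • Automatically switches to preview mode so the article can be checked before publishing
  • The result JSON returns pageTypesetActions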

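Recommended execution order

  1. draft-preview: save the draft and preview the layout
  2. Repeat draft-preview as needed to iterate on the layout
  3. Finally run publish, or have the user confirm manually before publishing

Error handling

  • If ProcessSingleton/SingletonLock appears: the browser directory is in use.
    • Prefer reusing the session that is already open; do not force a restart.
    • Restart the browser to recover a controllable session only with the user's consent.
  • If page elements change and buttons stop working: update the selectors; do not hard-code ref

Result output

  • Each run outputs a JSON result (buttons matched, current URL, screenshot path).
  • The output includes the QR code variable status (wechatQrConfigured).
  • Screenshots are saved to the current working directory by default: csdn_<mode>_result.png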
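
A pre-flight audit for the two inputs the scan assessment singles out, the skill-config.json env block and the --profile-dir value, written as an added example that is not part of the skill or its script. The function names are hypothetical, the default directories listed are the standard Chrome/Edge user data locations on macOS and Linux, and the SingletonLock check assumes the macOS/Linux symlink form of the lock.

```javascript
// Added example (not part of the skill): pre-flight audit before running the publisher.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// The two keys the skill page documents under "env" in skill-config.json.
const KNOWN_ENV_KEYS = ['CSDN_VERTICAL_QR_IMAGE_URL', 'CSDN_VERTICAL_QR_DESCRIPTION'];

// Audit a parsed skill-config.json object; returns a list of findings.
function auditSkillConfig(config) {
  const findings = [];
  const env = (config && config.env) || {};
  for (const key of Object.keys(env)) {
    if (!KNOWN_ENV_KEYS.includes(key)) findings.push(`unexpected env key: ${key}`);
  }
  const qr = env.CSDN_VERTICAL_QR_IMAGE_URL;
  if (!qr) {
    findings.push('QR image URL not set: placeholder text will be appended');
    return findings;
  }
  let url = null;
  try { url = new URL(qr); } catch { findings.push('QR image URL does not parse'); }
  if (url && url.protocol !== 'https:') findings.push(`QR image URL uses ${url.protocol}`);
  return findings;
}

// Everyday Chrome/Edge user data dirs on macOS and Linux (standard locations).
function defaultProfileDirs(home = os.homedir()) {
  return [
    'Library/Application Support/Google/Chrome',
    'Library/Application Support/Microsoft Edge',
    '.config/google-chrome',
    '.config/microsoft-edge',
  ].map((rel) => path.resolve(home, rel));
}

// Audit a --profile-dir value; returns a list of findings.
function auditProfileDir(profileDir, home = os.homedir()) {
  const dir = path.resolve(profileDir);
  if (!fs.existsSync(dir)) return [`profile dir does not exist: ${dir}`];
  const findings = [];
  if (defaultProfileDirs(home).includes(dir)) {
    findings.push('everyday browser profile: all of its sessions are exposed');
  }
  // On macOS/Linux SingletonLock is a symlink whose target is not a file: lstat it.
  try {
    fs.lstatSync(path.join(dir, 'SingletonLock'));
    findings.push('SingletonLock present: profile is in use by another browser process');
  } catch { /* no lock file: profile is free */ }
  return findings;
}
```

An empty findings list from both functions means the config holds only the documented keys with an https QR image URL, and the profile directory is a dedicated one that no running browser holds.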
