Juejin
v1.0.0掘金技术社区一站式操作技能,支持热门文章排行榜查询、Markdown 文章一键发布和文章下载保存为 Markdown。
⭐ 5· 11.6k·2 current·2 all-time
byenoyao@wscats
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Juejin hot lists, publish, download) match the provided code and SKILL.md. Network calls and endpoints are to juejin.cn / api.juejin.cn, Playwright is used for interactive login, and markdown conversion/downloading logic is present — all expected for this purpose.
Instruction Scope
SKILL.md and the code instruct the agent to open a browser for login, call Juejin APIs, read local Markdown files, write downloaded articles to disk, and optionally download images. These actions are within the stated scope but do include filesystem reads/writes (~/.juejin_cookie.json, output/ directory, arbitrary local Markdown files) and headless/headful browser navigation for scraping — the user should understand cookies and saved files are created locally.
Install Mechanism
No install spec is provided (instruction-only in registry) though the package includes requirements.txt. Dependencies (httpx, markdownify, playwright, bs4, lxml) are reasonable for the functionality. Note: Playwright requires additional step to install browsers (playwright install chromium). No remote arbitrary binary downloads are embedded in the skill itself.
Credentials
The skill requests no environment variables or external credentials. It does persist authentication cookies to ~/.juejin_cookie.json in plain JSON — these cookies are sensitive because they grant account access. Saving cookies to disk is proportionate to the publish workflow but is a security consideration the user should accept consciously.
Persistence & Privilege
always:false and default model-invocation behavior (agent may call the skill autonomously) is set. Because the skill can load a saved cookie and publish articles programmatically (run_publish.py / ArticlePublisher), an agent that invokes skills autonomously could publish using the saved credentials unless the user prevents it. The skill does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: query Juejin hot lists, download posts to Markdown, and publish Markdown posts using a browser-obtained cookie. Before installing or using it: 1) Be aware it will store your Juejin session cookies in plaintext at ~/.juejin_cookie.json — treat that file like a secret and remove it if you don't want persistent access. 2) Playwright and its browser binaries must be installed separately; installing these grants the skill the ability to open a local browser context. 3) If you enable autonomous model invocation, the agent could use any saved cookie to publish posts without interactive confirmation — consider disabling autonomous invocation for this skill or avoid saving the cookie. 4) Respect Juejin's terms of service when bulk-downloading content. If any of these behaviors are unacceptable, do not install or do not save cookies; otherwise the bundle is coherent with its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk9789qnwjhgg3ry0sfs3rh9zp9832kyz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.