Juejin

Advisory

Audited by Static analysis on May 2, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can read that cookie file could potentially act as the user on Juejin until the cookie expires or is deleted.

Why it was flagged

The skill uses a persisted session cookie that can act as the user's Juejin account. This is expected for publishing, clearly disclosed, and includes deletion guidance, but it is sensitive delegated authority.

Skill content
Saves the Juejin session cookie as plaintext JSON to `~/.juejin_cookie.json` ... subsequent calls can then access your Juejin account as you (publishing articles, reading drafts, etc.)
Recommendation

Use only on a trusted personal machine, avoid shared or CI environments, and delete ~/.juejin_cookie.json when finished or if access should be revoked.

What this means

If a user deliberately enables public publishing, the skill can post content publicly under their Juejin account.

Why it was flagged

The publisher can create drafts and, when explicitly enabled, publicly publish to Juejin. The visible code includes a two-flag safety interlock, so the authority is high-impact but purpose-aligned and guarded.

Skill content
save_draft_only: bool = True, allow_public_publish: bool = False ... publish_publicly = (not save_draft_only) and bool(allow_public_publish)
Recommendation

Keep the default draft-only mode unless you intend to publish, review the final Markdown, category, tags, and summary, and only confirm public publishing when ready.

What this means

Installing dependencies and a browser runtime changes the local environment and relies on package provenance.

Why it was flagged

The skill requires local dependency and browser installation even though the registry install spec is empty. This setup is expected for Playwright-based login, but it is an external installation step users should notice.

Skill content
pip install -r requirements.txt
# Install Playwright browsers (for login)
playwright install chromium
Recommendation

Install from the intended repository, review requirements.txt before installing, and use a virtual environment where possible.