ClawHub

腾讯文档Markdown

v1.1.5

腾讯文档 Markdown 技能,支持新建 Markdown 并写入内容、下载、删除、读取、更新、重命名等操作。

3· 2.8k·0 current·0 all-time
byenoyao@wscats
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Tencent Docs Markdown: create, read, write, download, delete, rename) match the code and CLI: api.py, auth.py, main.py implement those operations against docs.qq.com. No unrelated credentials or services are requested.
Instruction Scope
SKILL.md and the code consistently instruct installing Python deps and Playwright, performing QR login, and then calling APIs or CLI commands. The runtime actions are limited to browser-based login (Playwright), HTTP requests to docs.qq.com, local cookie storage (.cookies.json), and optional reading of local .md files when the user asks to update from a path. There are no instructions to read unrelated system files or transmit data to external hosts beyond Tencent Docs.
Install Mechanism
Registry shows no install spec, but the package includes package.json, requirements.txt and explicit instructions to run 'pip install -r requirements.txt' and 'playwright install chromium'. Playwright will download Chromium when you run it. This is a standard dependency for browser automation but does require additional downloads and system resources; there are no downloads from unknown personal servers in the repo itself.
Credentials
The skill requests no environment variables or external credentials; authentication is done via QR login and cookies saved to a local .cookies.json. The auth code sanitizes cookies and includes a domain whitelist (docs.qq.com/.qq.com) to limit cookie transmission, which is proportional to the stated purpose.
Persistence & Privilege
The skill stores session cookies in a local .cookies.json file for reuse, which is expected for this use case. It does not request always:true or system-wide privileges, nor does it modify other skills' configs. Autonomous invocation is allowed by default (disable-model-invocation: false) but this is normal platform behavior.
Assessment
This skill appears to implement exactly what it says: a Tencent Docs Markdown client that logs in by QR code and stores cookies locally to operate on docs.qq.com. Before installing, consider: 1) Running in an isolated environment (virtualenv or container) because Playwright will download Chromium and you will install Python packages. 2) .cookies.json contains session tokens—treat it as a secret, store it securely, and avoid committing it to public repos. 3) The login process opens a browser window and requires scanning the QR code with your QQ/WeChat account; doing so grants the skill access to your Tencent Docs session. 4) Review the bundled code (auth.py/api.py) if you want to confirm there are no additional network endpoints; the code shown targets docs.qq.com only. If you do not trust storing Tencent Docs session cookies locally or running browser automation on your machine, do not install/use the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97frzc6x5qgydfbk26sqe9ya583m00b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments