Weiyun Skills
v1.0.3This skill should be used when the user needs to manage Tencent Weiyun cloud storage, including file upload/download, sharing, space management, and account...
⭐ 2· 8.5k·0 current·0 all-time
byenoyao@wscats
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Weiyun cloud storage management) align with the included code and SKILL.md: login (QR/cookies), file upload/download, sharing, space management. The skill does not request unrelated environment variables or external credentials beyond browser cookies required by Weiyun.
Instruction Scope
Runtime instructions and code only perform actions relevant to a cloud-storage client: visiting Weiyun pages, QR polling, saving cookies.json, uploading/downloading user-specified local files, and creating a local PNG of the QR code. There is no instruction to read unrelated system files or env vars. However, because the tool uploads local files and persistently saves cookies (cookies.json, weiyun_qrcode.png), users should be aware it can read arbitrary local paths they supply and will store authentication cookies on disk.
Install Mechanism
No install spec that downloads arbitrary archives or external binaries; dependencies are standard Python packages listed in requirements.txt (requests, qrcode, tabulate, optional Pillow). The repository is self-contained Python code — installing via pip from PyPI (or running locally) is the normal, expected flow.
Credentials
The skill declares no required env vars and uses no unrelated credentials. It relies on browser cookies (skey, p_skey, uin, etc.) which are legitimately needed for Weiyun API access. These cookies are sensitive and are saved to cookies.json in the working directory; this is proportionate to the task but requires user caution (file permissions, who can read the file, rotate/revoke cookies if compromised).
Persistence & Privilege
Skill is not force-included (always:false) and uses the platform default allowing invocation. It writes files only within the working directory (cookies.json, weiyun_qrcode.png) and does not attempt to modify other skills or system-wide agent settings.
Assessment
This package appears to do what it says: a Python Weiyun client that authenticates via QR or copied browser cookies and then uploads/downloads/manages files. Before installing or running it: 1) Review the login flow and client.py yourself (or run in an isolated environment) because the tool will save authentication cookies to cookies.json and write a QR PNG to the current directory; treat cookies.json as sensitive (restrict filesystem permissions, delete when done, or use an ephemeral account). 2) Be careful which local paths you give to upload commands — the tool will read and transmit any file you point it at. 3) Install dependencies from PyPI only if you trust the repository; there are no obscure remote installers but do not run arbitrary scripts from unknown sources. 4) If you are concerned about autonomous agent use, verify your agent's skill-invocation settings (the skill can be invoked by the agent by default). If you want additional assurance, request a signed/reputable source or provider contact and a published homepage.Like a lobster shell, security has layers — review code before you run it.
latestvk97cw5e5x9s6b9bggzttf8fe6583dkzh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.