Md To Zhihu
v1.0.0Convert markdown articles to Zhihu (知乎) publishing format and one-click publish articles. Use when the user wants to publish markdown content to Zhihu, conve...
⭐ 0· 95·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (convert Markdown and publish to Zhihu) match the included files (convert.py and publish.py). The scripts implement HTML conversion and browser-based login + API calls to zhuanlan.zhihu.com, which is expected for this functionality. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md instructs installing markdown/pygments/beautifulsoup4 and optional playwright/requests and to run the bundled scripts. publish.py launches a real Chrome/Edge with remote debugging to capture cookies and then uses requests to call Zhihu APIs. This scope is consistent with one-click publishing, but it requires saving browser cookies and opening a remote-debugging port (9222) during login, which is sensitive and should be understood by the user.
Install Mechanism
There is no install spec in the registry; the SKILL.md tells the user to pip install standard packages and to run playwright install chromium. No downloads from untrusted URLs or archive extraction are present in the provided files. Playwright/Chromium installation is expected for browser automation.
Credentials
The skill declares no environment variables or external credentials. It does persist Zhihu cookies to a local file (.zhihu_cookies.json) and creates a browser profile directory under the script directory. Requesting and storing cookies is proportionate to automating login/publishing, but cookies are sensitive and grant account access if stolen or reused.
Persistence & Privilege
always:false and the skill does not modify other skills or system-wide configs. It writes a browser profile directory and a cookie file within the skill directory, and briefly opens a local remote-debugging port (default 9222) to capture cookies. Those actions are local and limited in scope, but carry modest risk if the profile or cookie file is shared or the debugging port is exposed.
Assessment
This skill appears to do what it claims (convert Markdown and publish to Zhihu), but it automates login by launching a real browser with remote debugging and saving Zhihu cookies to a local file. Before installing/using it: (1) review the scripts yourself and confirm you are comfortable with the cookie file (.zhihu_cookies.json) being written to the skill folder; (2) use a dedicated browser profile (the script creates one under the skill directory) and avoid pointing it at your primary browser profile; (3) delete the saved cookie file and profile when no longer needed; (4) be aware the script opens a local debugging port (default 9222) during login — ensure no untrusted local processes can connect at that time; (5) if you host sensitive accounts in the same browser, consider running the login step in an isolated environment (VM/container) or perform the login manually and import cookies yourself; (6) verify network calls (the scripts call zhuanlan.zhihu.com APIs) and avoid running the skill if you see unexpected remote endpoints. If you want higher assurance, have a trusted developer audit the full source before use.Like a lobster shell, security has layers — review code before you run it.
latestvk971zzz5xqjt3k7k4e4bmvervh84gey5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.