Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Parse Dedao

v1.0.1

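Parses "Dedao" (得到) note share links (supports extracting the body text and downloading images). Automatically extracts the body content of Dedao (dedao.cn) share links and supports saving the images in the article to local disk. Use this skill when the user sends a Dedao note share link.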


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ymsha88/parse-deodao-shared-link.

Install the skill "Parse Dedao" (ymsha88/parse-deodao-shared-link) from ClawHub.
Skill page: https://clawhub.ai/ymsha88/parse-deodao-shared-link
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install parse-deodao-shared-link

ClawHub CLI


npx clawhub@latest install parse-deodao-shared-link
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The name/description and most code align: parse a dedao.cn share link, extract text and images using Playwright. However there are incoherences: SKILL.md and examples mention parseDedao and other site-specific exports, but scripts/parse.js only exports parsePage. SKILL.md says images default to ./images/, but run_parse.js writes to a hard-coded Windows path (D:/notes/biji/0000). These mismatches suggest sloppy packaging and unexpected filesystem behavior.
! Instruction Scope
SKILL.md describes extracting content and saving images and provides usage examples. The runtime code does that, but run_parse.js will write markdown and image files to an absolute path (D:/notes/...), which is not documented in SKILL.md. The parse implementation fetches pages and image URLs (network I/O) and writes files to disk — appropriate for a scraper but the undocumented hard-coded path and mismatched exported functions broaden scope unexpectedly.
Install Mechanism
There is no install spec (instruction-only plus shipped scripts). SKILL.md lists dependencies (Playwright and Chromium) but the package does not include installation steps. Playwright requires installing browser binaries and can be large; absence of an install mechanism means the environment must already provide these, which may confuse users and lead them to run the scripts in an environment missing required components.
! Credentials
The skill requests no secrets or env vars, which is appropriate. However the code writes files to the local filesystem and uses a hard-coded absolute Windows path (D:/notes/biji/0000). This is disproportionate to the description's implied default of './images' and could overwrite or create files in unexpected locations. There are no network exfiltration endpoints in the code, but file-write behavior requires care.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or agent configs. It does, however, write persistent files to disk when executed (markdown and images). That is expected for this use case, but the hard-coded output location increases the chance of undesired persistence on the host.
What to consider before installing
This skill appears to implement a dedao.cn scraper, but it has several red flags you should address before running:
  (1) run_parse.js writes output to a hard-coded Windows path (D:/notes/biji/0000) instead of the documented ./images or a configurable outputDir — change this to a relative or configurable directory to avoid overwriting files;
  (2) SKILL.md and test files reference parseDedao/other exports but parse.js only exports parsePage — verify and fix the API surface so you know which functions will run;
  (3) the skill depends on Playwright/Chromium but includes no install steps — ensure you install Playwright and its browser binaries in a controlled environment;
  (4) review the code locally to confirm there are no hidden network endpoints or logging to unexpected services (there are none obvious in the supplied files);
  (5) run the scripts in a sandbox or VM with limited permissions first to confirm behavior and to prevent accidental writes to system drives.
Given the inconsistencies, treat this as potentially useful but untrusted until you fix/configure the output paths and verify dependencies.
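An added example (not part of the skill or of the scan report) of the checks in items (1) and (2): confining a requested output directory to a base folder, and comparing documented export names with what a module actually exports. The base directory, the function names and the stand-in module are assumptions made for illustration.

```javascript
const path = require('node:path');

// Resolve a caller-supplied output directory so that it always stays
// inside baseDir. Absolute paths (POSIX or Windows drive style) and
// "../" escapes are rejected instead of being silently honoured.
function resolveOutputDir(baseDir, requested = './images') {
  if (path.posix.isAbsolute(requested) || path.win32.isAbsolute(requested)) {
    throw new Error(`absolute output path not allowed: ${requested}`);
  }
  const base = path.resolve(baseDir);
  // Normalise backslashes so "..\\x" counts as traversal on every host.
  const target = path.resolve(base, requested.replace(/\\/g, '/'));
  const rel = path.relative(base, target);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`output path escapes ${base}: ${requested}`);
  }
  return target;
}

// Return the documented export names that the loaded module does not
// provide as functions (e.g. parseDedao documented, only parsePage exported).
function missingExports(mod, documented) {
  return documented.filter((name) => typeof mod[name] !== 'function');
}

// Constructed stand-in with the shape the scan describes for scripts/parse.js.
const constructedModule = { parsePage: async () => ({ success: true }) };

// Try the documented default, the hard-coded path from the scan, and a
// traversal attempt against a hypothetical sandbox directory.
function demo() {
  const base = path.join('/tmp', 'skill-sandbox'); // hypothetical base dir
  return ['./images', 'D:/notes/biji/0000', '../../etc'].map((p) => {
    try {
      return { requested: p, ok: true, dir: resolveOutputDir(base, p) };
    } catch (e) {
      return { requested: p, ok: false, reason: e.message };
    }
  });
}

console.log(demo());
console.log(missingExports(constructedModule, ['parsePage', 'parseDedao']));
```
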

Like a lobster shell, security has layers — review code before you run it.

latest vk976sw0fcnje5q8em06e85z6n983qayv
117 downloads
1 star
2 versions
Updated 1mo ago
v1.0.1
MIT-0

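Parse Dedao note share links

Features

  1. Extract body content - automatically identifies and extracts the article body
  2. Download article images - saves the main images in the article to a local directory

Usage

When the user sends a Dedao note share link, the content is parsed and saved automatically.

Input

  • URL: a Dedao note share link, in a format such as: https://www.dedao.cn/share/packet?packetId=xxx

Output

  • Title: the article title
  • Body: the cleaned article content
  • Images: saved to the ./images/ directory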

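API usage

const { parsePage, parseDedao } = require('./parse.js');

// await is only valid inside an async function in a CommonJS module
async function main(url) {
  // Generic parsing (works with any web page)
  const pageResult = await parsePage(url, {
    saveImages: true,               // whether to save images
    outputDir: './downloads',       // directory images are saved to
    contentSelectors: [/* ... */],  // custom content selectors
    imageSelectors: [/* ... */]     // custom image selectors
  });

  // Dedicated to Dedao notes
  const dedaoResult = await parseDedao(url, {
    saveImages: true,
    outputDir: './images'
  });

  return { pageResult, dedaoResult };
}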

Return value

{
  success: true,
  title: '文章标题',       // the article title
  content: '文章正文内容',  // the article body content
  images: [
    { originalUrl: 'https://...', localPath: 'D:/.../image_1.jpg' },
    { originalUrl: 'https://...', localPath: 'D:/.../image_2.jpg' }
  ],
  error: null
}

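Dependencies

  • Playwright
  • Chromium browser

Notes

  • Images are saved to the ./images/ directory by default
  • Images are named by sequence number: image_1.jpg, image_2.jpg
  • Each article gets its own timestamped subdirectory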
