by 安全扫描
OpenClaw
安全
medium confidenceThe skill's code and instructions align with its description (attempt WeRead, fall back to Z-Library and download), but it persistently reuses a browser profile and automates downloads from a third‑party site, which has privacy and legal implications the user should consider.
评估建议
This skill appears to do what it says (automate WeRead and, if necessary, search/download from Z‑Library), but consider the following before using it:
- Privacy: the tool recommends reusing a Playwright user_data_dir (browser profile). Do NOT point it at a profile that contains other accounts or sensitive sessions; create a dedicated profile directory to avoid exposing unrelated cookies/session tokens.
- Downloads and legality: the fallback is Z‑Library, a piracy-associated site. Ensure you und...详细分析 ▾
✓ 用途与能力
Name/description claim to add a book to WeRead then fall back to Z‑Library; the included Playwright script implements searching, adding to shelf, and falling back to download. Required tools (python, playwright, requests, bs4) match the implementation.
ℹ 指令范围
SKILL.md and the script instruct the agent/user to log in and reuse a Playwright persistent profile directory so browser sessions are preserved. That scope is consistent with the automation goal but means the skill will read/write browser profile data (cookies, session state) beyond just the target sites if a shared profile is used.
✓ 安装机制
No install spec — instruction-only with a Python script. This is low-risk from an installer perspective; dependencies are standard Python and Playwright packages as documented.
ℹ 凭证需求
The skill requests no environment variables or credentials, which is proportional. However, recommending reuse of a browser user_data_dir gives the script persistent access to stored cookies and tokens in that directory; using a shared profile could expose unrelated accounts.
ℹ 持久化与权限
always:false (normal). The script intentionally persists browser profiles and download files to ~/Downloads/OpenClaw-Books — this is expected for its function but creates long‑lived local state (saved cookies, downloads).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/3/17
Improve skill description and clarify WeRead-first with Z-Library fallback behavior.
● 无害
安装命令 点击复制
官方npx clawhub@latest install weread-book-finder
镜像加速npx clawhub@latest install weread-book-finder --registry https://cn.clawhub-mirror.com
技能文档
使用 Playwright 脚本自动化处理书籍获取与回退下载。
前提
环境依赖:
python3playwright(安装 Chromium:playwright install chromium)requestsbeautifulsoup4
快速使用
指定书名运行:
python3 skills/weread-book-finder/scripts/find_book.py "书名"
登录态管理
由于微信读书和 Z-Library 需要登录,建议固定使用 profile 目录,避免重复登录:
# 登录微信读书
python3 skills/weread-book-finder/scripts/find_book.py --login weread --headed# 登录 Z-Library
python3 skills/weread-book-finder/scripts/find_book.py --login zlib --headed
后续运行脚本时,会自动复用已登录的浏览器会话。
推荐执行策略
- 默认模式:直接运行脚本,脚本会自动尝试微信读书。若微信读书找不到,脚本会无缝切换至 Z-Library 搜索并下载。
- 严格标题优先:优先精确标题;短标题若只有模糊命中,不会直接误加,而是返回候选后走后备链路。
- 作者辅助匹配:支持输入
书名 / 作者、书名 | 作者、书名 by 作者这类形式,脚本会把作者纳入排序。 - 候选结果可见:输出里会附带前 5 个候选,便于调试和人工确认。
- 调试模式:添加
--headed参数可以打开浏览器窗口观察执行过程。 - 文件保存:下载的电子书默认保存在
~/Downloads/OpenClaw-Books。
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制