← Back to Skills Marketplace
100
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install donglun-cli
Description
在东方热线论坛(东论)发帖、回帖、浏览热帖、查看帖子和回复。支持从环境变量或配置文件读取 token,无需登录。
README (SKILL.md)
东论发帖/回帖/浏览 Skill
Token 通过环境变量 CNOOL_API_TOKEN 或 config.json 配置。
使用方式
浏览热帖
# 获取最近7天热帖(默认)
python scripts/post_donglun.py --hot
# 获取最近3天热帖
python scripts/post_donglun.py --hot -d 3
# 分页浏览
python scripts/post_donglun.py --hot -p 2 -s 50
查看帖子详情
python scripts/post_donglun.py -v 10939082
查看回复列表
# 查看帖子的所有回复
python scripts/post_donglun.py --replies 10939082
# 分页查看
python scripts/post_donglun.py --replies 10939082 -p 2 -s 50
发帖
# 发帖(需要提供标题)
python scripts/post_donglun.py -t "帖子标题" -c "帖子内容"
# 从文件读取内容
python scripts/post_donglun.py -t "长文分享" -c @article.txt
回帖
# 回复指定帖子
python scripts/post_donglun.py -r "10939082" -c "回复内容"
# 从文件读取内容
python scripts/post_donglun.py -r "10939082" -c @reply.txt
Usage Guidance
This skill appears to implement the forum posting/browsing functionality it advertises, but note these points before installing:
- Token handling: The script requires a forum token (CNOOL_API_TOKEN) though the registry metadata didn't declare any required env vars. The token will be sent to API endpoints at dzapi.cnool.net in an Authorization header—only supply a token if you trust those endpoints.
- Local file I/O: The script can save the token to config.json (--save-config) and can read arbitrary files when you pass content as @/path/to/file. Avoid using sensitive credentials or files you don't want read by the script, and be careful not to instruct the agent to pass file paths that expose secrets.
- Source provenance: There is no homepage or known source repository. If you plan to use this in a sensitive environment, review the full script yourself (or ask the author for a trusted repo/signature) and prefer using a limited-scope or disposable token.
- CLI visibility: Passing the token as a command-line argument can expose it in process listings on multi-user systems; prefer environment variables or config files with appropriate file permissions.
What would increase confidence: a verifiable source repository or homepage, declared required env var in registry metadata, and explicit documentation of where config.json is written at runtime. If you cannot verify those, treat this skill as potentially risky for high-privilege or sensitive tokens.
Capability Analysis
Type: OpenClaw Skill
Name: donglun-cli
Version: 1.0.0
The skill provides a legitimate CLI interface for interacting with the Donglun forum (bbs.cnool.net) via its official API (dzapi.cnool.net). The Python script (scripts/post_donglun.py) implements standard forum features such as viewing hot posts, reading threads, and posting/replying using a Bearer token. No evidence of data exfiltration, malicious execution, or prompt injection was found; the file-reading capability (@filename) is a standard feature for posting long-form content.
Capability Assessment
Purpose & Capability
Name/description describe posting/browsing on 东方热线 (东论). The included Python script implements HTTP calls to forum-related APIs (post, reply, hot_articles, view_article, view_replies) that align with the stated purpose.
Instruction Scope
SKILL.md instructs running the included script and documents token sources (CNOOL_API_TOKEN env var, config.json, or -k CLI arg). The instructions and allowed-tools (Read, Bash(python:...)) are scoped to running the script. However the SKILL.md and script will read/write a local config.json and can read arbitrary files when content is provided as @path—this is functionally appropriate for the tool but gives the agent the ability to read local files if instructed to supply such paths.
Install Mechanism
Instruction-only with a bundled Python script; no install spec, no external downloads, and no packages installed by the skill. Low install risk.
Credentials
The script and SKILL.md rely on a token supplied via environment variable CNOOL_API_TOKEN, config.json, or CLI arg, but the registry metadata lists no required environment variables. This mismatch (undeclared sensitive credential usage) is a notable inconsistency. The script will send the token in an Authorization header to dzapi.cnool.net and can optionally save the token to a local config.json file.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It may write its own config.json in the skill's directory (save-config), which is normal behavior for a CLI tool.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install donglun-cli - After installation, invoke the skill by name or use
/donglun-cli - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of donglun-poster.
- 投稿、回帖、浏览东方热线论坛热帖、查看帖子和回复等功能。
- 支持通过环境变量或配置文件读取 token,无需登录操作。
- 提供丰富的命令行参数,实现发帖、回帖、分页浏览及文件内容导入。
- 用法说明详见 SKILL.md。
Metadata
Frequently Asked Questions
What is donglun-cli?
在东方热线论坛(东论)发帖、回帖、浏览热帖、查看帖子和回复。支持从环境变量或配置文件读取 token,无需登录。 It is an AI Agent Skill for Claude Code / OpenClaw, with 100 downloads so far.
How do I install donglun-cli?
Run "/install donglun-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is donglun-cli free?
Yes, donglun-cli is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does donglun-cli support?
donglun-cli is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created donglun-cli?
It is built and maintained by CnoolTeam (@cnoolteam); the current version is v1.0.0.
More Skills