← Back to Skills Marketplace
371
Downloads
3
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install zsxq-fetch
Description
知识星球帖子抓取助手 — 自动抓取指定星球的最新帖子,支持全部/仅精华两种筛选模式,支持通过帖子链接或 ID 获取单条帖子详情,支持多星球配置。本 Skill 应在用户需要查看、汇总或检索知识星球内容时使用。
Usage Guidance
What to consider before installing:
- Credential handling: The script expects ZSXQ_TOKEN but also contains a DEFAULT_TOKEN and will read/write a local token.json. If you do not set ZSXQ_TOKEN, the skill may use the embedded default (an account you don't control). Always set ZSXQ_TOKEN in your environment to your own token rather than relying on any default.
- Local persistence: The skill will create/overwrite {skill_dir}/token.json. If you provide a token and do not want it stored on disk, inspect and remove or restrict token.json (set permissions to 600) or modify the code to disable saving.
- Documentation mismatch: The registry metadata says no required env vars but SKILL.md declares primaryEnv: ZSXQ_TOKEN. Treat ZSXQ_TOKEN as required; the registry metadata appears out-of-date or incorrect.
- Code review: If you are not comfortable with defaults that enable network access without your explicit token, open fetch_topics.js and either remove the DEFAULT_TOKEN and saveToken logic or ensure it only uses env var. Also check where saveToken is invoked to confirm it won't overwrite your token unexpectedly.
- Network scope: The script only talks to https://api.zsxq.com (per code and API reference). That is consistent with its purpose; there are no other remote hosts or obfuscated endpoints in the files provided.
If you decide to install: set ZSXQ_TOKEN explicitly, inspect and (if desired) delete token.json after use, and verify token.json permissions. If you need higher assurance, consider removing the DEFAULT_TOKEN constant before running.
Capability Analysis
Type: OpenClaw Skill
Name: zsxq-fetch
Version: 1.0.0
The skill bundle is a functional tool designed to fetch posts and group information from the Knowledge Planet (ZSXQ) platform via its official API (api.zsxq.com). The code in fetch_topics.js uses standard Node.js HTTPS modules, implements proper rate limiting with exponential backoff, and handles authentication via a user-provided token. While it contains a hardcoded default token and logic to persist tokens locally in token.json, there is no evidence of data exfiltration to unauthorized domains, malicious command execution, or harmful prompt injection instructions.
Capability Assessment
Purpose & Capability
The name/description match the code: the JS fetch script calls the 知识星球 API and exposes commands to list groups, topics, digests, and single-topic details. Requiring a zsxq_access_token cookie (ZSXQ_TOKEN) is coherent with the stated purpose. However, the registry metadata reported "Required env vars: none" while SKILL.md declares primaryEnv: ZSXQ_TOKEN — this metadata mismatch is an inconsistency to be aware of.
Instruction Scope
SKILL.md instructs the user to set $ZSXQ_TOKEN and run node scripts and references groups.json. The actual code additionally reads from and writes to a local token.json and falls back to a DEFAULT_TOKEN embedded in the file. The token.json usage and DEFAULT_TOKEN fallback are not documented in SKILL.md (only env var usage is documented). That means the skill may run without you explicitly setting an env var (using the embedded default) and will persist tokens to disk — behaviors that expand the runtime scope beyond the documented instructions.
Install Mechanism
There is no remote download/install step. install.sh only checks Node >= 18 and validates built-in modules. No external packages/URLs or extract operations are used. Installation risk is low from a supply-chain perspective.
Credentials
The skill needs a single credential-like value (ZSXQ_TOKEN) which is proportional to its function. But the code includes a baked-in DEFAULT_TOKEN (DEFAULT_TOKEN constant) and implements local persistence (token.json) that will be used if you don't provide an env var. Embedding a default token and auto-saving tokens to disk are sensitive behaviors: they may cause requests to be made under another account without your explicit credential, and will persist credentials on disk unless you review/clean token.json.
Persistence & Privilege
The skill does not request system-wide privileges or always:true. It does persist a token to {baseDir}/token.json and can load that token on startup (priority: env > token.json > DEFAULT_TOKEN). Persisting credentials to the skill directory is a limited privilege but should be documented and controlled (file location and permissions).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install zsxq-fetch - After installation, invoke the skill by name or use
/zsxq-fetch - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: 支持抓取星球帖子、精华帖、单条帖子详情和多星球配置
Metadata
Frequently Asked Questions
What is 知识星球帖子抓取助手?
知识星球帖子抓取助手 — 自动抓取指定星球的最新帖子,支持全部/仅精华两种筛选模式,支持通过帖子链接或 ID 获取单条帖子详情,支持多星球配置。本 Skill 应在用户需要查看、汇总或检索知识星球内容时使用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 371 downloads so far.
How do I install 知识星球帖子抓取助手?
Run "/install zsxq-fetch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 知识星球帖子抓取助手 free?
Yes, 知识星球帖子抓取助手 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does 知识星球帖子抓取助手 support?
知识星球帖子抓取助手 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 知识星球帖子抓取助手?
It is built and maintained by Steve Joe (@huxiaoqiao); the current version is v1.0.0.
More Skills