餐厅推荐交叉验证

Cross-reference restaurant recommendations from Xiaohongshu (小红书) and Dianping (大众点评) to validate restaurant quality and consistency. Use when querying restaurant recommendations by geographic location (city/district) to get validated insights from both platforms. Automatically fetches ratings, review counts, and analyzes consistency across platforms to provide trustworthy recommendations with confidence scores.

What to consider before installing or running this skill: - Legal/ToS: Both Dianping and Xiaohongshu explicitly prohibit scraping in their docs; using the 'real' scraping mode may violate platform terms and local law — only use for personal research and accept the legal risk. - Session cookies: The skill saves browser sessions/cookies locally (sessions/ and session_state.json). Do NOT run setup.sh or login on shared/cloud machines. Before publishing or sharing the repo, ensure sessions/ and any files containing credentials are removed and added to .gitignore. - Do not store secrets in scripts/config.py: If you must use proxies with authentication, avoid writing credentials into repository files; prefer environment variables or a secure secret store and do not publish them. - Review setup/install scripts: Inspect setup.sh and any install steps before running. They install Python packages and download Playwright browsers (normal) but running them grants the code filesystem and network access on your machine. - Use mock/server-only mode on servers: The repo includes a simulated/mock-data (server) version — use that on headless or shared servers to avoid login/cookie persistence. - Audit network destinations: The docs recommend residential proxy providers; review any third-party service terms and avoid sending credentials or session files to unfamiliar hosts. - Reduce blast radius: Run the skill in an isolated VM or local machine, not on production or shared servers. If you plan to publish, remove any sessions/ and credentials first. If you want, I can: (1) point out exact filenames that store sessions and should be excluded, (2) scan setup.sh for any unsafe commands, or (3) suggest minimal code changes (e.g., .gitignore entry and switching config to read proxy credentials from env vars) to reduce risk.

Type: OpenClaw Skill Name: restaurant-crosscheck Version: 1.0.0 The skill is classified as suspicious due to its reliance on web scraping, which involves several high-risk capabilities. Specifically, `setup.sh` downloads and installs Playwright's Chromium browser (`python3 -m playwright install chromium`), and uses the `--break-system-packages` flag for pip installations, which can interfere with system Python. The `scripts/session_manager.py` script handles persistent login sessions for Dianping and Xiaohongshu by saving browser profile data (including cookies) locally, which, while stated to be for local use and not exfiltrated, involves handling sensitive authentication state. These actions, while necessary for the skill's stated purpose of real-time data fetching, introduce supply chain risks and potential for system interference, without clear malicious intent.