hanshojin

小雅影音下载器

by HANSHOJIN · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
68 Downloads · 0 Stars · 0 Active Installs · 4 Versions
Install in OpenClaw
/install xiaoya-download
Description
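Search for and download movies/TV series from Xiaoya Alist to a local directory. Enter a movie or series title, look it up through the Xiaoya search interface, and download the selected result to the local machine.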
README (SKILL.md)

🎬 XiaoyaDownload — 小雅影音下载器

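Search for movies/TV series in Xiaoya/Alist and copy them to a specified NAS directory through a local WebDAV mount.

Features

  1. Full-library search — enter a movie/series title to search the entire Xiaoya library directly
  2. Version selection — shows multiple versions (different quality, size, format) for you to choose from
  3. WebDAV copy — when the NAS has the Xiaoya WebDAV mounted, copies locally at high speed with rsync

Usage

Search for a movie/series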

"搜索肖申克的救赎" "帮我找找盗梦空间"

Choose the version to download

After a search, all versions are listed; tell 小虾 the number:

"下载第1个"

Example session

你: 搜索肖申克的救赎

🦐: 🔍 正在搜索「肖申克的救赎」...
    找到 55 个结果:
    
    [ 1] 🎬 【1994】【肖申克的救赎】.mkv
    [ 6] 🎬 肖申克的救赎 ... 1080p.x265.mkv (11.8 GB)
    ...
    
    要下载哪个?(输入编号)

你: 6

🦐: 📁 复制文件: /vol02/.../肖申克的救赎...mkv → /vol1/1000/Video/
    rsync 速度: 39 MB/s
    ✅ 复制完成!

Environment configuration

Create a .env file:

# Xiaoya/Alist web address (required)
XIAOYA_HOST=http://192.168.50.1:5678

# Download destination directory (required)
DOWNLOAD_DIR=/vol1/1000/Video

# Local WebDAV mount path (recommended)
WEBDAV_MOUNT=/vol02/1000-1-3fe2c39a

CLI commands

# Configuration check
python3 scripts/xiaoya_download.py setup

# Search
python3 scripts/xiaoya_download.py search "肖申克的救赎"

# Copy to local (WebDAV)
python3 scripts/xiaoya_download.py copy "/电影/IMDB Top 250/200-250/肖申克的救赎...mkv"

File structure

skills/XiaoyaDownload/
├── SKILL.md
├── scripts/
│   └── xiaoya_download.py
├── .env
├── .env.example
└── _meta.json
Usage Guidance
Only use this skill with a trusted Xiaoya/Alist host and review the exact source and destination before copying. Configure WEBDAV_MOUNT and DOWNLOAD_DIR carefully, avoid paths containing ../, and prefer an updated version that validates paths stay inside the WebDAV mount before running rsync.
Capability Analysis
Type: OpenClaw Skill · Name: xiaoya-download · Version: 1.2.0
The skill implements a media downloader using `rsync` in `scripts/xiaoya_download.py`. It contains a path traversal vulnerability in the `cmd_copy` function because `urllib.parse.unquote` is applied to the `remote_path` after it has been joined with the root directory, potentially allowing an attacker to access files outside the intended `WEBDAV_MOUNT` directory. While the functionality aligns with the stated purpose of downloading media, the use of system-level copy commands with unsanitized user-controlled paths constitutes a high-risk vulnerability.
Capability Assessment
Purpose & Capability
The advertised purpose and implementation are generally coherent: it searches a configured Xiaoya/Alist host and copies selected media from a local WebDAV mount into a configured download directory. Users should expect network access, local file reads/writes, and rsync use.
Instruction Scope
The copy workflow accepts a remote path and runs rsync after only stripping a leading slash and URL-decoding it. There is no normalization or containment check to ensure the resolved path remains under WEBDAV_MOUNT, and no clear overwrite confirmation.
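One way to implement the missing containment check, as an added example that is not the skill's own code. `naive_source` models the join-then-decode order described above; `resolve_inside_mount`, `rsync_argv`, `PathEscapeError` and the sample tree are hypothetical names constructed here.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

class PathEscapeError(ValueError):
    """The requested path resolves outside the mount root."""

def naive_source(mount: str, remote_path: str) -> str:
    # Pattern the analysis describes: strip "/", join, then URL-decode.
    return unquote(os.path.join(mount, remote_path.lstrip("/")))

def resolve_inside_mount(mount: str, remote_path: str) -> Path:
    # Decode once, up front, so "%2e%2e/" is checked as "../".
    decoded = unquote(remote_path)
    if "\x00" in decoded:
        raise PathEscapeError("NUL byte in path")
    root = Path(mount).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks before the comparison.
    candidate = (root / decoded.lstrip("/")).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathEscapeError(f"{remote_path!r} escapes {root}") from None
    return candidate

def rsync_argv(src: Path, dest_dir: str) -> list:
    # Argument list (no shell); "--" keeps a name starting with "-" from
    # being parsed as an rsync option.
    return ["rsync", "-a", "--", str(src), dest_dir]

def demo() -> dict:
    # Constructed sample tree: <tmp>/mount/movies/a.mkv and <tmp>/secret.txt.
    with tempfile.TemporaryDirectory() as tmp:
        mount = os.path.join(tmp, "mount")
        os.makedirs(os.path.join(mount, "movies"))
        Path(mount, "movies", "a.mkv").write_bytes(b"x")
        Path(tmp, "secret.txt").write_text("outside")
        traversal = "/movies/%2e%2e/%2e%2e/secret.txt"  # constructed input
        naive = os.path.realpath(naive_source(mount, traversal))
        ok = resolve_inside_mount(mount, "/movies/a.mkv")
        try:
            resolve_inside_mount(mount, traversal)
            blocked = False
        except PathEscapeError:
            blocked = True
        outside = os.path.realpath(os.path.join(tmp, "secret.txt"))
        return {"naive_escapes": naive == outside, "ok_name": ok.name,
                "blocked": blocked, "argv": rsync_argv(ok, "/vol1/1000/Video")[:3]}
```

Calling `demo()` shows the naive construction landing on the file outside the mount while the checked resolver rejects the same input and still accepts the legitimate path.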
Install Mechanism
The registry says there is no install spec and no required binaries/env vars, but the script needs Python requests, rsync, and .env configuration. This is purpose-aligned but under-declared.
Credentials
Reading from a WebDAV mount and writing to DOWNLOAD_DIR is proportionate for a downloader, but the unvalidated path construction can escape the intended mount boundary if given traversal segments such as ../ or encoded equivalents.
Persistence & Privilege
No background service, autonomous persistence, credential storage, or privilege escalation is shown. It only reads a user-created .env file for configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install xiaoya-download
  3. After installation, invoke the skill by name or use /xiaoya-download
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
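v1.2.0: Search results shown as a table with quality/codec/size information; removed API dependency; WebDAV copy supported
v1.1.1
v1.1.1: Cleaned up documentation, removed Token-related instructions; relies only on web search + WebDAV
v1.1.0
v1.1.0: Removed API dependency, keeping only web search + WebDAV copy; simpler configuration
v1.0.0
First version: searches the full Xiaoya library for movies/series, supports local WebDAV copy and direct-link download via API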
Metadata
Slug xiaoya-download
Version 1.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is 小雅影音下载器?

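Search for and download movies/TV series from Xiaoya Alist to a local directory. Enter a movie or series title, look it up through the Xiaoya search interface, and download the selected result to the local machine. It is an AI Agent Skill for Claude Code / OpenClaw, with 68 downloads so far.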

How do I install 小雅影音下载器?

Run "/install xiaoya-download" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 小雅影音下载器 free?

Yes, 小雅影音下载器 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 小雅影音下载器 support?

小雅影音下载器 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 小雅影音下载器?

It is built and maintained by HANSHOJIN (@hanshojin); the current version is v1.2.0.
