← 返回 Skills 市场

Cookie Alive Pro

Name: Cookie Alive Pro
Author: seanmwx

作者 Xinhai Zou · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

139

总下载

当前安装

版本数

在 OpenClaw 中安装

/install cookie-alive

功能描述

Persist, refresh, and serve website session cookies through a local SQLite-backed cookie store. Use when Codex needs to keep authenticated cookies alive by c...

使用说明 (SKILL.md)

Session Cookie Online

Overview

Use this skill when a website session must stay alive without building a full browser-automation system.

The runtime script stores named session profiles in SQLite, replays a deterministic HTTP keepalive request, merges Set-Cookie updates back into the database, and exposes the current cookies to downstream programs.

Quick Start

Pick a database name. The default is default, which resolves to ~/.cookie_alive/default.db.
Capture the current cookie as either a Cookie header string or a JSON object.
Store or update a named profile with python {baseDir}/scripts/cookie_alive.py upsert ....
Validate the stored cookie with python {baseDir}/scripts/cookie_alive.py get --profile \x3Cprofile>.
Refresh it once with python {baseDir}/scripts/cookie_alive.py refresh --profile \x3Cprofile>.
Keep it alive with python {baseDir}/scripts/cookie_alive.py run --profile \x3Cprofile>.

Workflow Rules

Prefer a lightweight authenticated endpoint for --refresh-url, such as /ping, /me, or a low-cost page load. Avoid heavy pages when a cheaper endpoint exists.
Store cookies with --cookie-header when the source is browser devtools or another HTTP client. Store them with --cookie-json when the source is already structured.
Use get --format header when another program needs a literal Cookie header value.
Use get --format record or list when another program needs metadata such as interval_seconds, last_status_code, or last_refreshed_at.
If the target site requires JavaScript timers, WebSocket traffic, or browser-only activity to stay logged in, use external browser automation to renew the cookie and write the updated cookie back with upsert. This skill only performs deterministic HTTP requests.

Script

scripts/cookie_alive.py Use this CLI for profile CRUD, one-shot refreshes, and repeat keepalive loops.

References

references/commands.md Load this file for exact CLI shapes, storage path rules, and copy-paste examples.

安全使用建议

This skill appears to do what it claims, but it handles highly sensitive data (session cookies). Before installing or running it: 1) Recognize that cookies stored under ~/.cookie_alive are secrets—restrict filesystem permissions, consider using a dedicated user or encrypted volume, and delete databases when no longer needed. 2) The examples include a local HTTP wrapper that defaults to 127.0.0.1 (safe) but can be bound to other interfaces—do not bind it to a public interface or network you do not control, or you will expose cookies. 3) The tool will make outbound HTTP requests to whatever refresh_url you configure—ensure those URLs are trusted and that you aren’t inadvertently sending cookies to an attacker-controlled endpoint. 4) Review/scan the included scripts before use and run in a least-privilege environment (container or separate account) if you are concerned. 5) If you need stronger protection for stored cookies, add encryption at rest or avoid persistent storage and instead keep cookies in a more secure credential store.

功能分析

Type: OpenClaw Skill Name: cookie-alive Version: 1.0.0 The bundle provides a well-engineered utility for maintaining active website sessions by periodically refreshing cookies via a local SQLite store. The core script, `scripts/cookie_alive.py`, implements safe practices such as parameterized SQL queries, strict regex validation for database names to prevent path traversal, and manual handling of HTTP redirects to detect session expiry. While the bundle includes a local HTTP wrapper (`scripts/examples/http_api_wrapper.py`) that could expose cookies to other local processes, this is presented as an optional integration example. No evidence of data exfiltration, hardcoded malicious endpoints, or prompt injection was found; the tool is transparently designed for its stated purpose of session persistence.

能力评估

✓ Purpose & Capability

The name/description (persist, refresh, serve cookies) matches the included scripts: a CLI that stores profiles in SQLite under ~/.cookie_alive, performs deterministic HTTP refresh requests, merges Set-Cookie updates, and returns cookies as a header/JSON/record. No unrelated cloud credentials, binaries, or install steps are requested.

ℹ Instruction Scope

SKILL.md and references describe only cookie storage/refresh/export operations and match the code. The examples run the CLI via subprocess and provide a local HTTP wrapper that exposes routes (/pull, /check, /list). That wrapper defaults to 127.0.0.1 but can be configured to bind elsewhere — if started on a public interface it could leak cookies. The runtime also writes databases under a home path (default ~/.cookie_alive), which is expected but means sensitive data is persisted to disk.

✓ Install Mechanism

No install spec and no external downloads. The skill is instruction/code-only and does not fetch or execute remote archives or third-party packages during installation. This minimizes install-time risk.

ℹ Credentials

The skill does not require secret environment variables or external credentials. It supports optional env overrides (COOKIE_ALIVE_HOME, SESSION_COOKIE_ONLINE_HOME, COOKIE_ALIVE_DB_NAME) which are reasonable. However, the tool persists sensitive cookie values in SQLite files under the resolved storage root; users should treat these as secrets and protect them accordingly.

✓ Persistence & Privilege

The skill does not request always:true and is user-invocable. It will create and update files under its own storage directory (~/.cookie_alive by default) but does not modify other skills or system-wide agent config. Autonomous invocation is allowed (platform default) but is not combined with other privilege escalations here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install cookie-alive
安装完成后，直接呼叫该 Skill 的名称或使用 /cookie-alive 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Session Cookie Online skill initial release: - Persist and refresh website session cookies using a local SQLite database. - Store, update, and retrieve session profiles via a CLI script. - Keep cookies alive by replaying deterministic HTTP keepalive requests on a schedule. - Merge Set-Cookie responses into the database and expose cookies to other programs. - Support input and output as HTTP Cookie headers or structured JSON maps. - Designed for lightweight session management without browser automation.

元数据

Slug cookie-alive

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Cookie Alive Pro 是什么？

Persist, refresh, and serve website session cookies through a local SQLite-backed cookie store. Use when Codex needs to keep authenticated cookies alive by c... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 139 次。

如何安装 Cookie Alive Pro？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cookie-alive」即可一键安装，无需额外配置。

Cookie Alive Pro 是免费的吗？

是的，Cookie Alive Pro 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Cookie Alive Pro 支持哪些平台？

Cookie Alive Pro 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Cookie Alive Pro？

由 Xinhai Zou（@seanmwx）开发并维护，当前版本 v1.0.0。