← 返回 Skills 市场
217
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install gequhai-music
功能描述
搜索和下载歌曲海(gequhai.com)的音乐,支持搜索歌曲、获取下载链接(优先无损/高品质), 并可一键下载到群晖NAS。当用户询问歌曲、搜索音乐、或想下载歌曲时使用此技能。
使用说明 (SKILL.md)
歌曲海 (Gequhai) 音乐搜索与下载技能
搜索歌曲海音乐,支持下载到群晖NAS。
功能
- 搜索歌曲 - 按歌名/歌手搜索
- 获取下载链接 - 优先无损/高品质,其次是标准品质
- 排行榜 - 热门榜、新歌榜、飙升榜、抖音榜等
- 下载到群晖 - 一键添加到群晖DownloadStation
网站信息
- 网站:https://www.gequhai.com/
- 特点:免费音乐搜索下载,支持高品质/无损音乐
下载链接类型
| 类型 | 说明 | 可下载到群晖 |
|---|---|---|
| 标准品质(API) | 通过API获取的直接mp3链接 | ✅ 可以 |
| 高品质(直接链接) | 页面上的直接mp3/flac链接 | ✅ 可以 |
| 高品质(网盘链接) | 夸克网盘等分享链接 | ❌ 需手动下载 |
重要: API请求需要带上 X-Custom-Header: SecretKey 才能成功!
使用方法
1. 搜索歌曲
python scripts/gequhai_crawler.py --search "青花瓷"
2. 获取歌曲详情和下载链接
python scripts/gequhai_crawler.py --detail 553
3. 搜索并下载
python scripts/gequhai_crawler.py --download "周杰伦 晴天"
4. Python脚本调用
from scripts.gequhai_crawler import search_songs, get_download_url, download_song
# 搜索歌曲
songs = search_songs("青花瓷")
for s in songs[:5]:
print(f"[{s['id']}] {s['title']} - {s['artist']}")
# 获取下载链接
detail = get_download_url("553")
print(f"标题: {detail['title']}")
print(f"下载链接: {detail.get('url', detail.get('netdisk_url'))}")
print(f"品质: {detail.get('quality')}")
# 下载到群晖
result = download_song(detail, destination="download/音乐下载")
print(f"下载结果: {result}")
群晖下载配置
| 配置项 | 值 |
|---|---|
| 主机 | 192.168.123.223:5000 |
| 用户 | xiaoai |
| 默认下载目录 | download/音乐下载 |
交互流程示例
用户问:帮我下载周杰伦的青花瓷
- 搜索"青花瓷"
- 获取第一首歌的下载链接
- 如果是直接链接 → 添加到群晖下载
- 如果是网盘链接 → 告知用户网盘地址
用户问:最近有什么好听的歌?
- 获取热门歌曲列表
- 展示给用户选择
- 用户选择后下载
注意事项
- API验证:必须带上
X-Custom-Header: SecretKeyheader,否则API返回403 - Session:需要使用Session保持cookie,先访问播放页再请求API
- 下载链接类型:高品质版本通常是网盘链接,标准品质是直接mp3链接
- 请求频率:避免频繁请求,以免被封IP
关键代码
# API请求必须带上这个header
api_headers = {
"X-Requested-With": "XMLHttpRequest",
"X-Custom-Header": "SecretKey", # 关键!
}
# 使用Session保持cookie
session = requests.Session()
# 先访问播放页面获取cookie
session.get(f"{BASE_URL}/play/{song_id}")
# 再请求API
session.post(f"{BASE_URL}/api/music", headers=api_headers, data={...})
错误处理
| 错误 | 原因 | 解决方案 |
|---|---|---|
| 未找到歌曲 | 关键词不匹配 | 尝试其他关键词 |
| 没有下载链接 | 歌曲暂无资源 | 换一首歌 |
| 网盘链接 | 高品质版本在网盘 | 手动下载或使用标准品质 |
安全使用建议
Do not install this skill on a machine that has access to sensitive local resources or your real NAS without first auditing and changing it. Key points to consider before using:
- Hardcoded NAS credentials: scripts/gequhai_crawler.py contains SYNOLOGY_HOST, SYNOLOGY_USER, SYNOLOGY_PASS (values provided). This is a major red flag — change them to require user-supplied values or remove defaults.
- Auto-registration and background tasks: service/main.py will POST to a Skill Gateway on startup and run a background rename processor every 30 seconds. This causes periodic outbound network activity and registers the service endpoint; if you don't want that, either disable startup registration or run the service in a restricted network.
- The skill runs a FastAPI web service exposing /search, /detail, /download endpoints. If you run it, it will listen on a host/port and could be reachable; run in an isolated/containerized environment and restrict network access.
- There is a truncated/buggy part in gequhai_crawler.py (a 'return da' appears in the provided excerpt) — the code may not be fully functional and should be reviewed/tested before use.
- Legal/ethical: the skill scrapes and downloads music; consider copyright and terms of service for the target site and any files you download.
Recommended actions:
1) Inspect the full code (download_song, auto_process_downloads, process_rename_queue) before running. Ensure there are no hidden exfiltration paths.
2) Remove hardcoded credentials; require the user to provide SYNOLOGY_* values via environment variables or a config file.
3) Disable automatic gateway registration (set SKILL_GATEWAY_URL to a safe value or modify startup behavior) if you don't want the skill to advertise itself.
4) Run the service in a sandbox or container with restricted outbound/inbound network rules while testing.
5) If you do not trust the author, prefer not to run the service on networks where the hardcoded credentials could access real devices.
If you provide additional information (full untruncated gequhai_crawler.py and confirmation whether the included passwords are placeholders), I can raise or lower the assessment confidence.
功能分析
Type: OpenClaw Skill
Name: gequhai-music
Version: 1.0.1
The skill bundle contains hardcoded credentials for a Synology NAS (user 'xiaoai', password 'Xx654321') and hardcoded local Windows file paths (e.g., 'C:\Users\an\...') across multiple files including gequhai_crawler.py and get_hot.py. While the code's logic is consistent with its stated purpose of downloading and organizing music, the inclusion of plaintext credentials and broad file management capabilities (rename, move, list) on network-attached storage represents a significant security risk and poor practice. No evidence of intentional data exfiltration to external third parties was found, but the hardcoded sensitive data makes the bundle unsafe for general deployment.
能力评估
Purpose & Capability
Name/description say: search/download music and optionally push to a Synology NAS. The code implements that, but the skill does not ask for user NAS credentials yet includes hardcoded Synology host/user/password (SYNOLOGY_HOST, SYNOLOGY_USER, SYNOLOGY_PASS) in scripts/gequhai_crawler.py. A legitimate NAS-integrated skill should request or document user-provided credentials rather than ship with baked-in secrets and defaults.
Instruction Scope
SKILL.md and code instruct the agent to scrape gequhai.com, call its API (with required X-Custom-Header), and add downloads to a Synology DownloadStation. The instructions and code also reference specific local network addresses and concrete NAS credentials, and the service auto-registers itself to a Skill Gateway. These steps go beyond simple search/download instructions by attempting network integration with local infrastructure and by running a web service with background tasks.
Install Mechanism
There is no install spec (instruction-only), but multiple Python files and a FastAPI service are included. No external download/install URLs are used. Risk is limited to code execution when the files are run, not to arbitrary remote installers, but running the included service would install dependencies and expose an HTTP API.
Credentials
The skill declares no required env vars or credentials, yet the code embeds sensitive-looking constants: SYNOLOGY_HOST = '192.168.123.223', SYNOLOGY_USER = 'xiaoai', SYNOLOGY_PASS = 'Xx654321'. It also uses SKILL_GATEWAY_URL, SERVICE_PORT, SERVICE_HOST (with defaults) inside service/main.py to register itself. Requiring no credentials in metadata while containing hardcoded secrets is incoherent and dangerous.
Persistence & Privilege
always is false, but service/main.py will auto-register to a Skill Gateway on startup (posting base_url built from SERVICE_HOST and SERVICE_PORT) and starts a background task (background_rename_processor) that runs every 30 seconds. The skill will therefore attempt autonomous network activity and keep running periodic tasks if started — this increases blast radius when combined with hardcoded NAS access.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install gequhai-music - 安装完成后,直接呼叫该 Skill 的名称或使用
/gequhai-music触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Update - Search and download music from gequhai.com
v1.0.0
Initial release - Search and download music from gequhai.com
元数据
常见问题
Gequhai Music 是什么?
搜索和下载歌曲海(gequhai.com)的音乐,支持搜索歌曲、获取下载链接(优先无损/高品质), 并可一键下载到群晖NAS。当用户询问歌曲、搜索音乐、或想下载歌曲时使用此技能。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 217 次。
如何安装 Gequhai Music?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install gequhai-music」即可一键安装,无需额外配置。
Gequhai Music 是免费的吗?
是的,Gequhai Music 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Gequhai Music 支持哪些平台?
Gequhai Music 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Gequhai Music?
由 anlinxi(@anlinxi)开发并维护,当前版本 v1.0.1。
推荐 Skills