← 返回 Skills 市场
kklouzal

MAL-Updater

作者 kklouzal · GitHub ↗ · v0.1.6 · MIT-0
linux ✓ 安全检测通过
206
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install mal-updater
功能描述
Multi-provider anime → MyAnimeList sync and recommendations skill with guarded auth, review-queue triage, health checks, bootstrap auditing, and user-systemd...
使用说明 (SKILL.md)

MAL-Updater

Treat {baseDir} as the skill root. This repository is the skill package.

Core model

  • Keep business logic in the repo-local Python CLI.
  • Keep runtime state outside the skill tree under the workspace runtime root .MAL-Updater/ unless the operator explicitly overrides paths.
  • Do not assume host-specific absolute paths, IPs, or preexisting local copies under ~/.openclaw/workspace/skills/.
  • For new installs or portability audits, start with bootstrap-audit before doing any live auth or sync work.
  • Prefer the long-lived user-systemd daemon over timers or OpenClaw cron for unattended operation.

Bootstrap / onboarding workflow

  1. cd {baseDir}
  2. Run PYTHONPATH=src python3 -m mal_updater.cli bootstrap-audit
  3. Read {baseDir}/references/bootstrap-onboarding.md
  4. Use the audit output to:
    • verify required binaries
    • check whether provider-specific optional transport/runtime extras are missing
    • confirm the external runtime layout under .MAL-Updater/
    • identify which user-provided secrets/app settings are still missing for MAL and any enabled source providers
    • verify the secrets location is outside version control and suitable for restrictive local permissions
    • decide whether the repo-owned user-systemd daemon can be installed on this host
  5. If bootstrap is incomplete, guide the user through the missing steps instead of pretending install is finished.
  6. Prompt for provider credentials only when the workflow reaches that provider's bootstrap step; do not request Crunchyroll or HIDIVE secrets preemptively if the user has not chosen or enabled that provider yet.

How to access backend data / operator surfaces

For the most common operator/data tasks, use the repo-local CLI from {baseDir}:

Read-only inspection

  • PYTHONPATH=src python3 -m mal_updater.cli status
  • PYTHONPATH=src python3 -m mal_updater.cli bootstrap-audit
  • PYTHONPATH=src python3 -m mal_updater.cli service-status
  • PYTHONPATH=src python3 -m mal_updater.cli service-run-once
  • PYTHONPATH=src python3 -m mal_updater.cli health-check --format summary

Recommendations / recommendation-related data

  • PYTHONPATH=src python3 -m mal_updater.cli recommend --limit 20
  • PYTHONPATH=src python3 -m mal_updater.cli recommend --limit 20 --flat
  • PYTHONPATH=src python3 -m mal_updater.cli recommend-refresh-metadata

Review queue / mapping triage

  • PYTHONPATH=src python3 -m mal_updater.cli list-review-queue --summary
  • PYTHONPATH=src python3 -m mal_updater.cli review-queue-next --issue-type mapping_review
  • PYTHONPATH=src python3 -m mal_updater.cli review-queue-worklist --issue-type mapping_review --limit 5
  • PYTHONPATH=src python3 -m mal_updater.cli list-mappings

Sync planning / guarded execution

  • PYTHONPATH=src python3 -m mal_updater.cli dry-run-sync --provider all --limit 20 --approved-mappings-only
  • PYTHONPATH=src python3 -m mal_updater.cli apply-sync --limit 0 --exact-approved-only --execute
  • PYTHONPATH=src python3 -m mal_updater.cli provider-fetch-snapshot --provider crunchyroll --out .MAL-Updater/cache/live-crunchyroll-snapshot.json --ingest
  • PYTHONPATH=src python3 -m mal_updater.cli provider-fetch-snapshot --provider hidive --out .MAL-Updater/cache/live-hidive-snapshot.json --ingest

Operational workflow

Prefer read-only inspection before live writes.

Read-only first:

  • status
  • bootstrap-audit
  • health-check
  • service-status
  • service-run-once
  • list-mappings
  • list-review-queue --summary
  • dry-run-sync
  • recommend

Treat these as state-changing:

  • mal-auth-login
  • mal-refresh
  • provider-auth-login --provider crunchyroll
  • provider-auth-login --provider hidive
  • provider-fetch-snapshot --provider \x3Cprovider> --ingest
  • apply-sync --execute
  • scripts/install_user_systemd_units.sh
  • install-service
  • restart-service

High-value references

  • Read {baseDir}/references/bootstrap-onboarding.md for install/onboarding/bootstrap expectations.
  • Read {baseDir}/references/cli-recipes.md for copy/paste command patterns.
  • Read {baseDir}/references/data-surfaces.md for a concise map of which backend commands expose recommendations, review-queue state, service/runtime state, and guarded sync surfaces.

Guardrails

  • Keep sync behavior conservative; do not invent broader write scope than the CLI already supports.
  • Prefer dry-run-sync before apply-sync --execute unless the task explicitly asks for a live apply.
  • Treat Crunchyroll auth/fetch instability as real residue; document it plainly.
  • Treat staged provider credentials and long-lived tokens as sensitive local files; keep them out of version control and prefer restrictive local permissions.
  • When a host cannot satisfy the unattended daemon path, say so clearly instead of silently skipping service setup.
  • Recommend manual review before enabling unattended daemon operation on a host that matters.
  • Keep outputs short and actionable: counts, blockers, next command, and whether user input is needed.
安全使用建议
This repo appears to implement what it claims: a local Python CLI and optional user-level daemon that fetches provider data (Crunchyroll/HIDIVE), maps it to MyAnimeList, and can perform guarded writes. Before installing or enabling unattended operation: 1) Review scripts/install_user_systemd_units.sh and the rendered .service unit to confirm you understand what the daemon will run and its environment; 2) Verify where the MAL client id and provider credentials are read from (SKILL.md recommends staging into .MAL-Updater/secrets/), and secure that directory with restrictive local permissions; 3) Confirm you trust the upstream source (homepage repo) and optionally scan the included code for network endpoints you don’t recognize; 4) Use bootstrap-audit and run dry-run-sync / health-check first; and 5) Only enable the user-systemd daemon on hosts where persistent background networked access and stored tokens are acceptable. The only small inconsistency: the registry metadata lists a primaryEnv name while most docs instruct storing credentials in the external secrets directory — confirm which mechanism your deployment expects.
功能分析
Type: OpenClaw Skill Name: mal-updater Version: 0.1.6 The mal-updater skill is a legitimate utility designed to synchronize anime watch history between Crunchyroll, HIDIVE, and MyAnimeList. It follows security best practices by externalizing runtime state to a hidden directory (.MAL-Updater/) and enforcing restrictive file permissions (0o600) on sensitive credential files in src/mal_updater/auth.py. Persistence is implemented transparently via a user-level systemd daemon, managed by a dedicated installer script (scripts/install_user_systemd_units.sh) that uses templates to avoid hardcoded paths. The code is well-structured, includes extensive unit tests, and communicates only with official service endpoints (myanimelist.net, crunchyroll.com, and imggaming.com). No evidence of data exfiltration, malicious obfuscation, or prompt injection was found.
能力评估
Purpose & Capability
Name/description (MyAnimeList sync + provider ingestion + recommendations) match the repository contents: Python CLI, Crunchyroll/HIDIVE provider implementations, MAL client integration, review queue, and systemd install helpers. Declared runtime binaries (python3/python) are appropriate.
Instruction Scope
SKILL.md instructs running the repo-local Python CLI, running bootstrap-audit, staging secrets under an external runtime tree (.MAL-Updater/), and optionally installing a user-level systemd daemon via the provided scripts. These are within the stated purpose. Note: the agent/operator will be instructed to create/stage credentials and to install a long-lived daemon that performs network requests and token refreshes; that is expected but worth explicit operator review before enabling unattended mode.
Install Mechanism
No external install spec or remote downloads. All code is included in the repo and intended to be executed in-place via PYTHONPATH=src python3 -m mal_updater.cli. That reduces supply-chain ambiguity. Scripts will render/install user systemd units on the host (user-level only).
Credentials
Primary credential declared (MAL_UPDATER_MAL_CLIENT_ID) is consistent with the MAL OAuth requirement. The repo prefers staging secrets in .MAL-Updater/secrets/ rather than environment variables for provider credentials; registry metadata naming an env var may be a mild mismatch with SKILL.md (operator should confirm how to supply the MAL client id). Crunchyroll/HIDIVE credentials are requested only when those providers are enabled, which matches the described workflow.
Persistence & Privilege
The skill requires (optional) installation of a user-level systemd service that runs a long-lived daemon which persists state and tokens under the workspace runtime tree. That provides persistent background networked behavior and token storage; it is legitimate for this skill but increases attack surface. always:false and normal agent-autonomy settings mitigate risk, but operators should inspect the unit/script and secure .MAL-Updater/secrets/ (restrict permissions).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install mal-updater
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /mal-updater 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.6
Add conservative unattended budget defaults, unify auth-failure detection, and improve sync/apply budgeting behavior.
v0.1.5
Publish latest repo state, including same-title split-bundle auto-resolution improvements and current operator/automation updates.
v0.1.4
Add OpenClaw manifest metadata for homepage, Linux targeting, Python runtime requirement, and primary MAL credential mapping.
v0.1.3
Add the provider-agnostic core, HIDIVE source support, multi-provider daemon lanes, aggregate planning/runtime updates, and refresh the docs/onboarding flow for Crunchyroll + HIDIVE.
v0.1.2
Improve residual MAL mapping auto-approvals with generalized installment/title matching, finish the 7th Prince case, and reduce the live manual review queue to the final genuine ambiguity.
v0.1.1
Add MIT license, attribution note, and clearer secret-handling guidance
v0.1.0
Initial public release
元数据
Slug mal-updater
版本 0.1.6
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 7
常见问题

MAL-Updater 是什么?

Multi-provider anime → MyAnimeList sync and recommendations skill with guarded auth, review-queue triage, health checks, bootstrap auditing, and user-systemd... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 206 次。

如何安装 MAL-Updater?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install mal-updater」即可一键安装,无需额外配置。

MAL-Updater 是免费的吗?

是的,MAL-Updater 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

MAL-Updater 支持哪些平台?

MAL-Updater 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux)。

谁开发了 MAL-Updater?

由 kklouzal(@kklouzal)开发并维护,当前版本 v0.1.6。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论