← 返回 Skills 市场
weread_assitant
作者
MingChaoXu
· GitHub ↗
· v1.0.1
· MIT-0
86
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install weread-assitant
功能描述
Sync WeRead shelf state, reading progress, visible book content, and note-ready Markdown into a local workspace using the user's logged-in Chrome session. Us...
安全使用建议
This skill appears to do what it claims, but review these points before installing:
- Understand local access: it drives your local Chrome (via a CDP proxy) and will load WeRead pages using your existing login — the browser will send your session cookies to WeRead even though the code does not read cookie/localStorage values itself. Only run it on machines you control.
- obsidian-cli trust: publishing is done by invoking obsidian-cli with the generated Markdown. Confirm obsidian-cli is the official tool you installed and that your vault configuration is correct.
- CDP proxy origin: the scripts call a local endpoint (http://localhost:3456). Ensure that proxy is indeed local and not forwarding requests to a remote host you don't control.
- Privacy hygiene: inspect output/ before sharing, avoid bulk exports unless you understand privacy/legal implications, and disable Chrome remote debugging when not in use.
If you need higher assurance, you can audit the small extraction functions (scripts/*) — they are readable and explicitly focus on visible DOM/text extraction — or run the scripts in a sandboxed account/vault first.
功能分析
Type: OpenClaw Skill
Name: weread-assitant
Version: 1.0.1
The skill bundle facilitates syncing WeRead bookshelf data and book content into Obsidian notes. It employs high-risk capabilities, specifically browser automation via the Chrome DevTools Protocol (CDP) to interact with a user's logged-in session (found in scripts/cdp-client.mjs, scripts/fetch-book.mjs, and scripts/fetch-shelf.mjs) and local shell command execution using execFile to interface with the obsidian-cli (scripts/publish-obsidian.mjs). While these actions are consistent with the stated purpose and the project includes a detailed SECURITY.md acknowledging these risks, the combination of browser control and host-level command execution constitutes a significant attack surface that warrants a suspicious classification.
能力标签
能力评估
Purpose & Capability
The skill claims to sync WeRead visible content into Obsidian and the code implements exactly that: it drives a local CDP proxy (http://localhost:3456), evaluates DOM extraction scripts, writes JSON/Markdown under output/, and calls obsidian-cli to publish notes. Required external pieces (Chrome logged-in session, Chrome remote debugging, and a local CDP proxy provided by a 'web-access' skill) are documented in SKILL.md. There are no unrelated credentials, third-party cloud APIs, or surprising binaries requested.
Instruction Scope
Runtime instructions and scripts consistently limit what is collected to visible DOM/text and metadata for a shelf or one book, and the SKILL.md + SECURITY.md explicitly state they do not read cookies or browser storage. The scripts execute page-level JS via CDP to extract text, then write local files and optionally call obsidian-cli. Note: because the skill loads pages in your already-logged-in Chrome session, the browser will send cookies to WeRead when loading pages (the code does not programmatically read cookie/localStorage values, but page loads will be authenticated by the browser). This is expected for the described use but is a privacy consideration.
Install Mechanism
There is no automated install script or external downloads; the repo is instruction-only and uses local node scripts. This minimizes installation risk — nothing is fetched from remote URLs or installed automatically by the skill itself.
Credentials
The skill requests no environment variables or secrets. It does require local capabilities: a running Chrome instance with remote debugging enabled and a local CDP proxy (http://localhost:3456), plus obsidian-cli if you want automated publishing. These requirements are proportionate to the purpose, but they do grant the skill the ability to read personal reading data from your logged-in browser and to modify an Obsidian vault via obsidian-cli; ensure you trust obsidian-cli and the local environment providing the CDP proxy.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges. It writes files under its own output/ workspace and invokes obsidian-cli to publish notes; it does not modify other skills or system-wide agent config. Autonomous invocation is allowed (platform default) but not combined with unusual privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install weread-assitant - 安装完成后,直接呼叫该 Skill 的名称或使用
/weread-assitant触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
weread-assistant 1.0.1
- Added repository metadata and security files: .gitignore, LICENSE, and SECURITY.md.
- Updated documentation in SKILL.md to clarify least-privilege operation: only visible DOM is captured, no browser storage or cookies collected.
- Enhanced operating guidance to emphasize security boundaries and minimal data collection.
- Minor output clarification and additional privacy notes.
v1.0.0
这个skill可以让openclaw 和 微信读书联通,通过obsidian自动同步读书笔记
元数据
常见问题
weread_assitant 是什么?
Sync WeRead shelf state, reading progress, visible book content, and note-ready Markdown into a local workspace using the user's logged-in Chrome session. Us... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 86 次。
如何安装 weread_assitant?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install weread-assitant」即可一键安装,无需额外配置。
weread_assitant 是免费的吗?
是的,weread_assitant 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
weread_assitant 支持哪些平台?
weread_assitant 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 weread_assitant?
由 MingChaoXu(@mingchaoxu)开发并维护,当前版本 v1.0.1。
推荐 Skills