← 返回 Skills 市场
371
总下载
3
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install zsxq-fetch
功能描述
知识星球帖子抓取助手 — 自动抓取指定星球的最新帖子,支持全部/仅精华两种筛选模式,支持通过帖子链接或 ID 获取单条帖子详情,支持多星球配置。本 Skill 应在用户需要查看、汇总或检索知识星球内容时使用。
安全使用建议
What to consider before installing:
- Credential handling: The script expects ZSXQ_TOKEN but also contains a DEFAULT_TOKEN and will read/write a local token.json. If you do not set ZSXQ_TOKEN, the skill may use the embedded default (an account you don't control). Always set ZSXQ_TOKEN in your environment to your own token rather than relying on any default.
- Local persistence: The skill will create/overwrite {skill_dir}/token.json. If you provide a token and do not want it stored on disk, inspect and remove or restrict token.json (set permissions to 600) or modify the code to disable saving.
- Documentation mismatch: The registry metadata says no required env vars but SKILL.md declares primaryEnv: ZSXQ_TOKEN. Treat ZSXQ_TOKEN as required; the registry metadata appears out-of-date or incorrect.
- Code review: If you are not comfortable with defaults that enable network access without your explicit token, open fetch_topics.js and either remove the DEFAULT_TOKEN and saveToken logic or ensure it only uses env var. Also check where saveToken is invoked to confirm it won't overwrite your token unexpectedly.
- Network scope: The script only talks to https://api.zsxq.com (per code and API reference). That is consistent with its purpose; there are no other remote hosts or obfuscated endpoints in the files provided.
If you decide to install: set ZSXQ_TOKEN explicitly, inspect and (if desired) delete token.json after use, and verify token.json permissions. If you need higher assurance, consider removing the DEFAULT_TOKEN constant before running.
功能分析
Type: OpenClaw Skill
Name: zsxq-fetch
Version: 1.0.0
The skill bundle is a functional tool designed to fetch posts and group information from the Knowledge Planet (ZSXQ) platform via its official API (api.zsxq.com). The code in fetch_topics.js uses standard Node.js HTTPS modules, implements proper rate limiting with exponential backoff, and handles authentication via a user-provided token. While it contains a hardcoded default token and logic to persist tokens locally in token.json, there is no evidence of data exfiltration to unauthorized domains, malicious command execution, or harmful prompt injection instructions.
能力评估
Purpose & Capability
The name/description match the code: the JS fetch script calls the 知识星球 API and exposes commands to list groups, topics, digests, and single-topic details. Requiring a zsxq_access_token cookie (ZSXQ_TOKEN) is coherent with the stated purpose. However, the registry metadata reported "Required env vars: none" while SKILL.md declares primaryEnv: ZSXQ_TOKEN — this metadata mismatch is an inconsistency to be aware of.
Instruction Scope
SKILL.md instructs the user to set $ZSXQ_TOKEN and run node scripts and references groups.json. The actual code additionally reads from and writes to a local token.json and falls back to a DEFAULT_TOKEN embedded in the file. The token.json usage and DEFAULT_TOKEN fallback are not documented in SKILL.md (only env var usage is documented). That means the skill may run without you explicitly setting an env var (using the embedded default) and will persist tokens to disk — behaviors that expand the runtime scope beyond the documented instructions.
Install Mechanism
There is no remote download/install step. install.sh only checks Node >= 18 and validates built-in modules. No external packages/URLs or extract operations are used. Installation risk is low from a supply-chain perspective.
Credentials
The skill needs a single credential-like value (ZSXQ_TOKEN) which is proportional to its function. But the code includes a baked-in DEFAULT_TOKEN (DEFAULT_TOKEN constant) and implements local persistence (token.json) that will be used if you don't provide an env var. Embedding a default token and auto-saving tokens to disk are sensitive behaviors: they may cause requests to be made under another account without your explicit credential, and will persist credentials on disk unless you review/clean token.json.
Persistence & Privilege
The skill does not request system-wide privileges or always:true. It does persist a token to {baseDir}/token.json and can load that token on startup (priority: env > token.json > DEFAULT_TOKEN). Persisting credentials to the skill directory is a limited privilege but should be documented and controlled (file location and permissions).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install zsxq-fetch - 安装完成后,直接呼叫该 Skill 的名称或使用
/zsxq-fetch触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: 支持抓取星球帖子、精华帖、单条帖子详情和多星球配置
元数据
常见问题
知识星球帖子抓取助手 是什么?
知识星球帖子抓取助手 — 自动抓取指定星球的最新帖子,支持全部/仅精华两种筛选模式,支持通过帖子链接或 ID 获取单条帖子详情,支持多星球配置。本 Skill 应在用户需要查看、汇总或检索知识星球内容时使用。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 371 次。
如何安装 知识星球帖子抓取助手?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install zsxq-fetch」即可一键安装,无需额外配置。
知识星球帖子抓取助手 是免费的吗?
是的,知识星球帖子抓取助手 完全免费(开源免费),可自由下载、安装和使用。
知识星球帖子抓取助手 支持哪些平台?
知识星球帖子抓取助手 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 知识星球帖子抓取助手?
由 Steve Joe(@huxiaoqiao)开发并维护,当前版本 v1.0.0。
推荐 Skills