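Batch-download stills and posters for Douban movies, TV series and variety shows. Enter a title to search and download automatically; fully automated, no login required. Supports cache-based deduplication and anti-scraping delays. Use when the user mentions "download stills", "get posters" or "batch download images".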
Security Analysis
high confidence
The skill's code, install spec, and runtime instructions are consistent with its stated purpose (batch-download Douban photos/posters) and do not request unrelated credentials or unusual privileges.
Name/description match the implementation: Node.js scripts that search Douban, extract photo IDs (optionally with Playwright), and download images while handling Referer and redirects. Required binaries (node, npm) and the playwright dependency are coherent with the stated scraping/downloading functionality.
SKILL.md and the JS files instruct the agent to run the included Node scripts and save files under the user's home directory. The code only accesses network resources (Douban and image hosts) and local filesystem directories under the user's home. Minor inconsistency: SKILL.md claims 'does not connect to existing browser sessions for privacy', while some comments and examples in code mention inheriting or connecting to an existing browser session or remote-debugging; actual Playwright functions in the code launch a new headless browser. This is a documentation/code mismatch but not an obvious malicious behavior.
Install uses the well-known npm package 'playwright' (expected for headless browser scraping). Playwright will typically download browser binaries during install which increases disk usage and performs network downloads — expected for this use-case but worth noting as extra installation footprint.
The skill requests no environment variables or credentials and does not access configs outside its download directory. It only uses the network to contact Douban and image host domains, which is proportional to its stated purpose.
always:false and no special privileges requested. The skill writes files only under the user's home (.openclaw/output/photo-download or ~/download/photos) and does not attempt to modify other skills or system-wide settings.
Guidance
This skill appears to do what it says: scrape Douban pages and download images. Before installing, consider: 1) Legal/ToS: scraping may violate Douban's terms — only use for small-scale/personal use as the README warns. 2) Playwright side-effects: installing playwright will download browser binaries and use additional disk space and network traffic. 3) Filesystem: downloaded images are saved under your home directory (~/.openclaw/output/photo-download or ~/download/photos). 4) Privacy: the code launches a headless browser and makes network requests to Douban/image hosts; do not run it with elevated privileges. 5) Minor docs mismatch: SKILL.md claims it won't connect to existing browser sessions but comments/examples mention inheriting sessions or remote debugging — if you need to preserve browser state, review/modify the code intentionally. If you have concerns, run the code in a controlled environment (container/VM) or review the scripts line-by-line before use.
Latest Release
v1.0.1
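photo-downloader v1.1.0
- Added openclaw metadata, explicitly declaring the Node.js and Playwright dependencies and automating the Playwright installation
- Removed the "Playwright dependency is installed automatically" note in favor of a structured dependency declaration
- Updated the compatibility notes to state that a Node.js environment is required
- Added a security warning emphasizing that it does not connect to existing browser sessions, to protect privacy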
Published by @zj-john on ClawHub