From f269667a34c3f45a8d98f392194b9d95cb1348c2 Mon Sep 17 00:00:00 2001 From: Panniantong Date: Thu, 26 Feb 2026 15:13:25 +0100 Subject: [PATCH] =?UTF-8?q?docs:=20=E6=B7=BB=E5=8A=A0=20Cookie=20=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E5=B0=81=E5=8F=B7=E9=A3=8E=E9=99=A9=E6=8F=90=E9=86=92?= =?UTF-8?q?=EF=BC=8C=E5=BC=BA=E8=B0=83=E4=BD=BF=E7=94=A8=E5=B0=8F=E5=8F=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - README: Cookie 安全建议新增封号风险说明 - install.md: Security tip 补充 account ban 风险 - SKILL.md: Cookie 导入段落加封号提醒 --- README.md | 6 +++++- agent_reach/skill/SKILL.md | 2 ++ docs/install.md | 4 +++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 08421fa..028f914 100644 --- a/README.md +++ b/README.md @@ -193,7 +193,11 @@ Agent Reach 在设计上重视安全: ### 🍪 Cookie 安全建议 -需要 Cookie 的平台(Twitter、小红书)建议使用**专用小号**,不要用主账号。Cookie 等同于完整登录权限,用小号可以在凭据泄露时限制影响范围。 +> ⚠️ **封号风险提醒:** 使用 Cookie 登录的平台(Twitter、小红书等),通过脚本/API 调用**存在被平台检测并封号的风险**。请务必使用**专用小号**,不要用你的主账号。 + +需要 Cookie 的平台(Twitter、小红书)建议使用**专用小号**,不要用主账号。原因有二: +1. **封号风险** — 平台可能检测到非正常浏览器的 API 调用行为,导致账号被限制或封禁 +2. **安全风险** — Cookie 等同于完整登录权限,用小号可以在凭据泄露时限制影响范围 ### 📦 安装方式 diff --git a/agent_reach/skill/SKILL.md b/agent_reach/skill/SKILL.md index 5a7a998..7616e6c 100644 --- a/agent_reach/skill/SKILL.md +++ b/agent_reach/skill/SKILL.md @@ -55,6 +55,8 @@ When a user asks to configure/enable any channel: ### Cookie 导入(所有需要登录的平台通用) +> ⚠️ **重要提醒:** 使用 Cookie 登录的平台存在封号风险,请提醒用户务必使用**专用小号**。 + 所有需要 Cookie 的平台(Twitter、小红书等),**优先使用 Cookie-Editor 导入**: 1. 用户在自己的浏览器登录对应平台 diff --git a/docs/install.md b/docs/install.md index 26995f3..2c7916a 100644 --- a/docs/install.md +++ b/docs/install.md 
@@ -80,7 +80,9 @@ Only ask the user when you genuinely need their input (credentials, permissions, Some channels need credentials only the user can provide. Based on the doctor output, ask for what's missing: -> 🔒 **Security tip:** For platforms that need cookies (Twitter, XiaoHongShu), we recommend using a **dedicated/secondary account** rather than your main account. Cookie-based auth grants full account access — using a separate account limits the blast radius if credentials are ever compromised. +> 🔒 **Security tip:** For platforms that need cookies (Twitter, XiaoHongShu), we recommend using a **dedicated/secondary account** rather than your main account. Cookie-based auth carries two risks: +> 1. **Account ban** — platforms may detect non-browser API calls and restrict or ban the account +> 2. **Credential exposure** — cookies grant full account access; using a secondary account limits the blast radius if credentials are ever compromised > 🍪 **Cookie 导入(所有需要登录的平台通用):** >
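Review bot: In the README.md hunk, the new `> ⚠️ **封号风险提醒:**` callout and the paragraph directly under it both tell the reader to use a **专用小号** and not the main account, and item 1 of the numbered list then states the ban risk again. Keep either the callout or the lead sentence of the paragraph and let the two numbered reasons carry the detail. The callout also lists `Twitter、小红书等` while the paragraph lists `(Twitter、小红书)`; use one form so readers can tell whether the set of affected platforms is closed.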
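Review bot: In the agent_reach/skill/SKILL.md hunk, the added reminder names only the ban risk (`封号风险`), while the README.md and docs/install.md hunks of this same patch give two reasons, the second being that a cookie is equivalent to full login access. The line is addressed to the agent (`请提醒用户`), so it should carry both reasons, otherwise the agent will pass on only half of the guidance. It would also help to say when the reminder has to be given: it sits above step 1 (`用户在自己的浏览器登录对应平台`), so wording it as "before the user logs in and exports the cookie" makes sure the account is chosen before any credential is handed over.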
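Review bot: In the docs/install.md hunk, the rewritten tip opens with `Cookie-based auth carries two risks`, but item 1 attributes the ban to `non-browser API calls`, which is a consequence of scripted access and not of cookie authentication itself. Rewording the lead to something like "Using account cookies for scripted access carries two risks" keeps both items accurate. The tip is still labelled `🔒 **Security tip:**` although the first item is now an account-availability risk, so consider a label that covers both, in line with the `⚠️` callouts the other two hunks add.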