← Back to Skills Marketplace
cattalk2

Bear Blog Publisher

by CatTalk · GitHub ↗ · v1.0.13
cross-platform ⚠ suspicious
842
Downloads
2
Stars
0
Active Installs
14
Versions
Install in OpenClaw
/install bear-blog-publisher
Description
Publish blog posts to Bear Blog platform. Supports user-provided markdown, AI-generated content, and auto-generated diagrams.
README (SKILL.md)

Bear Blog Publisher

Publish blog posts to Bear Blog (https://bearblog.dev/).

Overview

This skill provides automated publishing capabilities for Bear Blog, including optional AI content generation and diagram generation.

Authentication Methods (Choose One)

Method 1: OpenClaw Config (Recommended for Personal Use)

Add to your ~/.openclaw/openclaw.json:

{
  "skills": {
    "bear-blog-publisher": {
      "email": "[email protected]",
      "password": "yourpassword"
    }
  }
}

Security: File permissions should be set to 600 (readable only by owner).

Method 2: Environment Variables (Recommended for CI/CD)

export BEAR_BLOG_EMAIL="[email protected]"
export BEAR_BLOG_PASSWORD="yourpassword"

Security: Credentials exist only in memory, not written to disk.

Method 3: Runtime Parameters (Recommended for Multi-User)

Provide credentials when calling the skill:

publisher = BearBlogPublisher(email="[email protected]", password="secret")

Security: Caller (chat bot, web app, etc.) manages credential lifecycle.

AI Content Generation (Optional)

To use AI content generation, configure one of the following:

OpenAI

export OPENAI_API_KEY="sk-..."

Kimi

export KIMI_API_KEY="your-kimi-api-key"

Usage

publisher = BearBlogPublisher()
content = publisher.generate_content(
    topic="Python best practices",
    provider="openai",  # or "kimi"
    tone="professional",
    length="medium"
)
result = publisher.publish(title="My Post", content=content)

Priority Order

  1. Runtime parameters (highest priority)
  2. Environment variables
  3. OpenClaw config (lowest priority)

Capabilities

1. Publish Blog Post

Input:

  • title (string): Blog post title
  • content (string): Markdown content
  • email (string, optional): Bear Blog email
  • password (string, optional): Bear Blog password

Output:

  • Published URL or error message

2. AI Content Generation (Optional)

Generate blog content using OpenAI or Kimi API.

3. Generate Diagram (Optional)

For technical topics, generates architecture diagrams using HTML/CSS + Playwright.

Security Best Practices

  1. Never commit credentials to git
  2. Use environment variables in production
  3. Set file permissions to 600 for config files
  4. Use runtime parameters for multi-user scenarios

Security Considerations

This skill makes several operational choices that users should be aware of:

1. Playwright Browser Download

  • Why: Required for generating architecture diagrams as PNG images
  • Size: ~100MB Chromium browser
  • Alternative: Skip diagram generation if not needed

2. Temporary Files

  • Location: /tmp/diagram.html and /tmp/diagram.png
  • Purpose: Intermediate files for diagram generation
  • Cleanup: Files are overwritten on each run, not explicitly deleted

3. --no-sandbox Flag

  • Why: Required for running Chromium in containerized/Docker environments
  • Risk: Slightly reduced browser isolation
  • Mitigation: Only used for local HTML-to-image conversion, no external URLs loaded

4. Plaintext Password Storage (Optional)

  • Config file: Only if user chooses Method 1
  • Recommendation: Use environment variables (Method 2) or runtime parameters (Method 3) instead
  • If using config: Always set file permissions to 600

Example Usage

With Config File

# ~/.openclaw/openclaw.json configured
You: "Publish a blog about Python tips"
AI: [Uses config credentials, publishes]

With Environment Variables

export BEAR_BLOG_EMAIL="[email protected]"
export BEAR_BLOG_PASSWORD="secret"

You: "Publish a blog about Python tips"
AI: [Uses env vars, publishes]

With AI Content Generation

export BEAR_BLOG_EMAIL="[email protected]"
export BEAR_BLOG_PASSWORD="secret"
export OPENAI_API_KEY="sk-..."

You: "Write and publish a blog about Python asyncio"
AI: [Generates content with OpenAI, publishes]

With Runtime Parameters

# In your chat bot code
email = get_user_email()  # Ask user
password = get_user_password()  # Ask user

publisher = BearBlogPublisher(email=email, password=password)
result = publisher.publish(title="My Post", content="# Content")

Implementation

  • Uses Bear Blog web API
  • CSRF token authentication
  • Session-based (no persistent storage)
  • Playwright for diagram generation
  • OpenAI/Kimi API for content generation

License

MIT

Usage Guidance
This skill appears to do what it says: publish posts to Bear Blog, optionally generate AI content, and generate diagrams via Playwright. Before installing, consider: 1) Prefer environment variables or runtime parameters over putting credentials into ~/.openclaw/openclaw.json (that file would store plaintext credentials if you choose Method 1). 2) Diagram generation will download Playwright browsers (~100MB) and create /tmp/diagram.html and /tmp/diagram.png; avoid enabling diagrams on multi-tenant/shared CI runners if you worry about leftover temp files. 3) Verify you trust the skill source (package.json points to a GitHub repo; confirm it matches what you expect). 4) If you plan to enable AI generation, only set OPENAI_API_KEY/KIMI_API_KEY in secure environments. 5) If you need higher assurance, review the rest of publish.py (file truncated in listing) and the referenced upload endpoints to ensure they match Bear Blog's documented APIs. Overall: coherent and proportionate, but follow the credential and environment cautions above.
Capability Analysis
Type: OpenClaw Skill Name: bear-blog-publisher Version: 1.0.13 The skill is classified as suspicious due to several documented security considerations that, while transparently disclosed, represent potential vulnerabilities. Specifically, the `scripts/publish.py` code implements a credential resolution mechanism that allows for plaintext password storage in `~/.openclaw/openclaw.json` if the user chooses this method, although it does include a warning if file permissions are insecure. Additionally, the `generate_diagram` function in `scripts/publish.py` uses Playwright with the `--no-sandbox` flag, which is a known security risk for browser isolation, even though the skill mitigates this by only loading local HTML files. These are vulnerabilities and risky operational choices, not clear evidence of malicious intent.
Capability Assessment
Purpose & Capability
The skill claims to publish to Bear Blog and its code implements Bear Blog login, post upload, optional image upload, and optional AI content generation (OpenAI/Kimi). Requiring Bear Blog email/password and optional OpenAI/KIMI API keys aligns with the stated functionality.
Instruction Scope
SKILL.md and the code stay within publishing/diagram-generation scope. The instructions read credentials from runtime args, env vars, or ~/.openclaw/openclaw.json (expected). The skill writes temporary files to /tmp for diagram generation and does not explicitly delete them (files are overwritten), which is documented but worth noting. The README/README claims 'no persistent credential storage' conflicts with the documented config-file authentication option (which does store plaintext credentials if chosen).
Install Mechanism
There is no external arbitrary-download installer in the registry metadata; package.json includes Python dependency installation and a Playwright browser install step ('playwright install chromium') which is expected for HTML-to-image generation. Playwright's browser download (~100MB) is noted in SKILL.md and README.
Credentials
Requested secrets are limited and proportional: Bear Blog email/password for login, and optional OPENAI_API_KEY or KIMI_API_KEY for AI generation. No unrelated credentials or broad system secrets are requested.
Persistence & Privilege
The skill does not request permanent/always-on privileges (always: false). It does not attempt to modify other skills or system-wide config beyond reading a per-user OpenClaw config file (~/.openclaw/openclaw.json) if present.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bear-blog-publisher
  3. After installation, invoke the skill by name or use /bear-blog-publisher
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.13
- No file changes detected in this version. - Documentation and feature set remain unchanged from the previous release.
v1.0.12
- Added example blog draft and screenshots: blog-draft.md, blog-published.png, feishu-credentials.png, feishu-request.png, feishu-success.png - Added Python bytecode file for publish script: scripts/__pycache__/publish.cpython-312.pyc
v1.0.11
- No code or documentation changes were detected in this version. - Skill functionality and documentation remain unchanged.
v1.0.10
- No user-facing changes in this release. - No file changes detected; documentation and functionality remain unchanged.
v1.0.9
- No changes detected in this release. - All features and documentation remain the same as the previous version.
v1.0.8
- Added documentation and instructions for optional AI content generation via OpenAI and Kimi APIs. - Improved clarity and structure in the overview and authentication sections. - Updated example usage to include AI-powered blogging scenarios. - Enhanced documentation of the diagram generation process and security considerations. - No changes to code; documentation updates only.
v1.0.7
- Added a new "Security Considerations" section to SKILL.md, detailing browser download, temporary files, sandboxing, and plaintext password storage. - No code or functionality changes; documentation update only.
v1.0.6
No changes detected in this version.
v1.0.5
No changes detected in this version. - No file or documentation updates. - Functionality and usage remain unchanged.
v1.0.4
- No file changes detected in this version. - No new features, fixes, or documentation updates included. - This release preserves the current functionality and documentation.
v1.0.3
- Expanded documentation of authentication methods, detailing OpenClaw config, environment variables, and runtime parameters. - Introduced a clear priority order for credential sources. - Improved security guidance with file permission and credential handling best practices. - Updated capabilities and example usages for clarity. - No changes to code or core functionality.
v1.0.2
Version 1.0.2 of bear-blog-publisher - No file changes detected in this release. - Functionality remains unchanged from the previous version.
v1.0.1
- Updated security approach: recommends using credentials only for the session or environment variables instead of storing passwords in plaintext config files. - Improved instructions for providing credentials, clarifying they are not stored. - Revised description to highlight support for both AI-generated and user-provided content. - Streamlined usage steps and examples for clarity. - Removed the requirement and details about saving credentials in config files.
v1.0.0
Initial release with auto-publish, diagram generation, and flexible auth
Metadata
Slug bear-blog-publisher
Version 1.0.13
License
All-time Installs 1
Active Installs 0
Total Versions 14
Frequently Asked Questions

What is Bear Blog Publisher?

Publish blog posts to Bear Blog platform. Supports user-provided markdown, AI-generated content, and auto-generated diagrams. It is an AI Agent Skill for Claude Code / OpenClaw, with 842 downloads so far.

How do I install Bear Blog Publisher?

Run "/install bear-blog-publisher" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bear Blog Publisher free?

Yes, Bear Blog Publisher is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Bear Blog Publisher support?

Bear Blog Publisher is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Bear Blog Publisher?

It is built and maintained by CatTalk (@cattalk2); the current version is v1.0.13.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments