← Back to Skills Marketplace
danielfoch

Podcast to Substack

by danielfoch · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
796
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install podcast-to-substack
Description
Publish podcast episodes from RSS and Notion to Substack with Apple Podcasts embeds and images, then generate LinkedIn-ready companion posts.
Usage Guidance
This skill appears to implement exactly the podcast → Substack → LinkedIn workflow described, but the metadata omitted important details. Before installing or running it: 1) Confirm you'll provide a Notion API key (NOTION_API_KEY) and understand that the script will look for ~/.config/notion/api_key as a fallback. 2) Determine how Substack and LinkedIn publishing will be authenticated (this skill does not declare or implement those credentials). 3) Run the scripts in an isolated environment (container or dedicated VM) because they will download images from external URLs and may pip-install feedparser at runtime. 4) Inspect the scripts yourself (they are included) to confirm you are comfortable with network calls to Notion and arbitrary image hosts. 5) If you plan to let an agent invoke this autonomously, add explicit checks or logging for what gets published and which accounts are used. If you want me to, I can produce a checklist of the exact credentials/configuration to add to the skill metadata and a minimal wrapper to safely sandbox runtime installs and network access.
Capability Analysis
Type: OpenClaw Skill Name: podcast-to-substack Version: 1.0.0 The skill bundle is suspicious primarily due to potential shell injection vulnerabilities in `SKILL.md`. The markdown instructs the AI agent to execute `python3` scripts with user-provided inputs (`$RSS_URL`, `EPISODE_NUMBER`) directly within bash commands. If the AI agent does not properly sanitize these inputs before execution, an attacker could inject arbitrary shell commands. While the Python scripts themselves do not show explicit malicious intent, this execution pattern represents a significant vulnerability. Additionally, `scripts/fetch_notion_episode.py` downloads images from external URLs and saves them to a local directory, which, while defaulting to a safe path, could pose a path traversal risk if the `--download-dir` argument were user-controlled.
Capability Assessment
Purpose & Capability
The name/description (publish podcast episodes from RSS + Notion to Substack and generate LinkedIn posts) aligns with the included scripts: fetch_rss.py, fetch_notion_episode.py, render_linkedin_post.py, and a small shell helper for Apple Podcasts. Nothing in the code asks for unrelated cloud provider credentials or system-level access. However the skill metadata lists no required environment variables while the SKILL.md and the Notion fetcher explicitly require a NOTION_API_KEY and fallback to ~/.config/notion/api_key; Substack/LinkedIn publish access is noted as an input but not declared in the registry. That mismatch between declared requirements and actual operations is a proportionality/information gap.
Instruction Scope
The SKILL.md contains explicit, narrow runtime steps (run fetch_rss, fetch_notion_episode which recursively traverses Notion blocks and downloads images, build/publish via Substack playbook, render LinkedIn post). These steps stay within the stated publishing/cross-posting scope. Caveats: the instructions reference reading a local Notion API key file (~/.config/notion/api_key) and performing image downloads to local disk; they also leave posting/queuing LinkedIn and publishing to Substack as manual/unspecified steps (credentials/automation details for Substack/LinkedIn are not documented). The scripts will open network connections to Notion and to image URLs; this is expected but should be acknowledged.
Install Mechanism
There is no install spec (instruction-only install), so nothing is written to disk at install time beyond the included scripts. One script (fetch_rss.py) dynamically pip-installs feedparser if it's missing via subprocess.check_call; that is a runtime install behavior rather than a preinstall step. No downloads from opaque URLs or archive extraction are present.
Credentials
The registry lists no required env vars or primary credential, but the SKILL.md and fetch_notion_episode.py require a Notion API key (NOTION_API_KEY or ~/.config/notion/api_key). The skill also expects 'Substack publish access' and to be able to post/queue LinkedIn content, which implies additional credentials or OAuth tokens that are not declared. Requesting a workspace API key that grants read access to Notion pages is legitimate for the stated purpose, but the omission from metadata is a mismatch and increases risk because the platform/action gate can't surface the needed secrets to the user. Downloads of images from arbitrary URLs (present in page content) are also performed and stored locally; while expected, this means the skill will fetch external content using your system's network egress.
Persistence & Privilege
The skill does not request permanent automatic inclusion (always: false) and does not modify other skills or global agent settings. It writes files (downloaded images, created drafts) into working directories when run, which is normal for this workflow. The agent-autonomous-invocation flag is at its default; that alone is not a concern and is expected for actionable skills.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install podcast-to-substack
  3. After installation, invoke the skill by name or use /podcast-to-substack
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial OpenClaw release.
Metadata
Slug podcast-to-substack
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Podcast to Substack?

Publish podcast episodes from RSS and Notion to Substack with Apple Podcasts embeds and images, then generate LinkedIn-ready companion posts. It is an AI Agent Skill for Claude Code / OpenClaw, with 796 downloads so far.

How do I install Podcast to Substack?

Run "/install podcast-to-substack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Podcast to Substack free?

Yes, Podcast to Substack is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Podcast to Substack support?

Podcast to Substack is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Podcast to Substack?

It is built and maintained by danielfoch (@danielfoch); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments