← Back to Skills Marketplace
Вконтакте - публикация постов, фото и видео. Диалоги с посетителями. NodeJS
by
RuslanLanket
· GitHub ↗
· v1.0.2
2136
Downloads
1
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install vk
Description
Manage VK.com (Vkontakte) community: post content (text, photos, videos) and handle messages. Use for automating community management via VK API.
Usage Guidance
This skill appears to be a straightforward VK CLI for community management, but stop and consider these points before installing or running it:
- The skill requires a VK Access Token (a 'User Token' with wide scopes). This is sensitive — treat it like a password. The package metadata does not declare this requirement, so don't assume the skill will protect or store your token safely.
- Passing the token as a command‑line argument (the examples do this) exposes it to process listings and shell history. Prefer providing the token via a secure environment variable, a file with restricted permissions, or other safer means.
- The documentation suggests using a third‑party site (vkhost.github.io) to obtain a permanent token. Verify the trustworthiness of any external token provider before entering credentials — better to create your own app or use official dev.vk.com flows if possible.
- Review scripts/vk_cli.js yourself (or run it in an isolated environment) to confirm it only talks to api.vk.com and VK upload URLs; there is no obfuscation, but you should verify network destinations and test with a least‑privilege token first (community token) where feasible.
- Because the manifest omitted the required credential declaration, be cautious: ask the publisher (or avoid installing) until the metadata accurately lists the required token and scopes.
If you proceed: run in a sandboxed environment, use a token with minimal scopes you need, avoid CLI token arguments, and verify the token provider and code before giving it full administrative (User Token) credentials.
Capability Analysis
Type: OpenClaw Skill
Name: vk
Version: 1.0.2
The skill is classified as suspicious due to its requirement for a highly privileged and permanent VK User Token (with `wall,groups,photos,video,messages,offline` scopes) and its direct file system and network access capabilities, even though these are plausibly needed for its stated purpose of VK community management. While the code itself (`scripts/vk_cli.js`) and documentation (`SKILL.md`, `references/api.md`) do not show clear evidence of intentional malicious behavior or prompt injection attempts against the agent, the broad permissions and access granted by the skill present a significant risk if the agent or token were compromised or misused.
Capability Assessment
Purpose & Capability
The skill's name, SKILL.md, and scripts/vk_cli.js all consistently implement VK community management (posting, uploads, long‑poll messaging). However the registry metadata declares no required credentials or environment variables while the SKILL.md explicitly requires a VK Access Token (a User Token with wide scopes). That metadata mismatch is an incoherence: a consumer would expect the required token to be declared in the skill manifest.
Instruction Scope
Runtime instructions are scoped to VK API actions (posting, uploads, messages, Long Poll). They do not request unrelated system files or other secrets. Two operational risks to note: (1) the SKILL.md shows passing the access token as a CLI argument (e.g., node scripts/vk_cli.js post $TOKEN ...), which exposes the token to process lists and shell history; (2) the docs recommend using a third‑party site (vkhost.github.io) to obtain a permanent User Token — relying on external token generators can be risky and should be verified.
Install Mechanism
No install spec is present (instruction-only with included script). Nothing is downloaded or executed automatically by an installer. The only executable artifact is scripts/vk_cli.js; no remote install URLs or extract operations were observed.
Credentials
The skill legitimately needs a VK access token with broad scopes (wall, groups, photos, video, messages, offline) to perform the advertised operations, but the skill metadata does not declare any required env vars or a primary credential. Requiring a full‑privilege User Token is proportionate to the capability but is sensitive — the manifest should explicitly declare this requirement and clarify minimum scopes. The recommendation to use an external token service increases risk if users hand credentials to an untrusted site.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to change other skills' configurations or persist across agents. It runs as a CLI script invoked by the user; autonomous invocation is allowed by default but is not combined with other high‑privilege red flags here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vk - After installation, invoke the skill by name or use
/vk - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Major update: Adds real-time monitoring (Long Poll) documentation.
- New "Real-time Monitoring (Long Poll)" section with setup and usage instructions.
- Highlights the need to enable Long Poll API in VK group settings.
- Documents the new `poll` command for instant message processing.
- Adds a note on recommended token permissions and how to obtain them.
- Other sections remain unchanged.
v1.0.1
- Updated SKILL.md to clarify requirements, emphasizing the use of a User Token for full VK API permissions.
- Added Russian-language instructions and examples for common commands.
- Improved documentation structure by listing requirements before workflows.
- Example commands and explanations updated for clarity and multilingual accessibility.
v1.0.0
- Initial release of VK community management skill.
- Post text, photos, and videos to VK community walls.
- Upload photo and video attachments via dedicated commands.
- Fetch and respond to VK community messages.
- Designed for use with VK API; requires Node.js and an appropriate access token.
Metadata
Frequently Asked Questions
What is Вконтакте - публикация постов, фото и видео. Диалоги с посетителями. NodeJS?
Manage VK.com (Vkontakte) community: post content (text, photos, videos) and handle messages. Use for automating community management via VK API. It is an AI Agent Skill for Claude Code / OpenClaw, with 2136 downloads so far.
How do I install Вконтакте - публикация постов, фото и видео. Диалоги с посетителями. NodeJS?
Run "/install vk" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Вконтакте - публикация постов, фото и видео. Диалоги с посетителями. NodeJS free?
Yes, Вконтакте - публикация постов, фото и видео. Диалоги с посетителями. NodeJS is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Вконтакте - публикация постов, фото и видео. Диалоги с посетителями. NodeJS support?
Вконтакте - публикация постов, фото и видео. Диалоги с посетителями. NodeJS is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Вконтакте - публикация постов, фото и видео. Диалоги с посетителями. NodeJS?
It is built and maintained by RuslanLanket (@ruslanlanket); the current version is v1.0.2.
More Skills