← Back to Skills Marketplace

Follow

Name: Follow
Author: ivangdavila

by Iván · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

765

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install follow

Description

Monitor content from people, topics, and sources across platforms with smart filtering, tiered alerts, and searchable archives.

README (SKILL.md)

Workspace

~/follow/
├── sources/           # One file per followed entity
│   ├── people/        # @naval.md, @dhh.md
│   ├── topics/        # ai-safety.md, rust.md
│   └── feeds/         # techcrunch.md, hn-frontpage.md
├── archive/           # Captured content by date
│   └── YYYY-MM/
├── alerts.md          # Alert configuration
└── index.md           # Quick status: what's being followed

Quick Reference

Task	Load
Add/configure sources	`sources.md`
Set up filtering rules	`filtering.md`
Configure alert tiers	`alerts.md`
Query archived content	`querying.md`
Platform-specific setup	`platforms.md`

Core Loop

Add source: User names person/topic/feed → create tracking file
Monitor: Check sources on schedule (cron) or on-demand
Filter: Apply relevance rules, skip noise
Store: Archive what matters (summaries, not full dumps)
Alert: Notify based on tier (immediate/daily/weekly/passive)
Query: Answer "what did X say about Y?" from archive

Common Patterns

User says	Agent does
"Follow @naval on Twitter"	Create `sources/people/naval.md`, configure Twitter monitoring
"Track AI safety discussions"	Create topic tracker with keywords across multiple sources
"What has Competitor X posted this week?"	Query archive, synthesize summary
"Alert me immediately when Y happens"	Add to high-priority tier in `alerts.md`
"Give me a weekly digest of everything"	Configure weekly summary in alerts
"Stop following X"	Archive and mark inactive

Capture Principles

Summaries over full content — save space, stay legal
Links + timestamps always — retrievable later
Context for why it matters — not just "X posted"
Deduplicate across sources — same news from 5 places = 1 entry

Usage Guidance

This skill's documentation describes monitoring many platforms, scraping fallbacks, downloading videos (yt-dlp), transcribing, and writing an archive in ~/follow — but the package declares no binaries, installs, or credentials. Before installing or trusting this: - Ask the author to clarify required binaries (e.g., yt-dlp, ffmpeg), third-party services, and exact install steps. - Confirm what credentials are needed for each platform and insist they be declared (and limited to read-only tokens where possible). Do not hand over full account passwords; prefer per-service API tokens with minimum scopes. - Decide whether you permit scraping or storing paywalled/private content; get a retention/encryption policy for the archive (~follow). - If the agent will schedule cron jobs or write files, confirm where those run (your machine, a hosted agent) and what permissions they have. - Test first with non-sensitive, public sources and a small follow list to observe behavior. Given the mismatches, treat this skill as untrusted until the missing operational details and credential requirements are clarified.

Capability Analysis

Type: OpenClaw Skill Name: follow Version: 1.0.0 The skill bundle is classified as suspicious due to its reliance on high-risk capabilities, particularly the explicit mention of executing external command-line tools like `yt-dlp` and 'Telegram export tools' (in `platforms.md`). While these are described as part of the skill's legitimate content monitoring function, they introduce a significant attack surface for potential shell injection vulnerabilities if user-provided input is not rigorously sanitized. The skill also requires extensive network access for fetching content and file system access for archiving, which, if mishandled, could lead to other security flaws. However, there is no clear evidence of intentional malicious behavior such as data exfiltration, persistence, or unauthorized remote control designed into the skill's instructions or logic.

Capability Assessment

⚠ Purpose & Capability

The skill claims to monitor many platforms (Twitter/X, YouTube, LinkedIn, Telegram, GitHub, Substack, RSS, etc.) and to use APIs or tools (yt-dlp, Nitter scraping, RSS, GitHub API). Yet the metadata lists no required binaries, no install steps, and no required credentials. Legitimately using many of these integrations typically requires API keys, account logins, or binaries (yt-dlp, ffmpeg) — the lack of declared requirements is inconsistent with the stated purpose.

⚠ Instruction Scope

SKILL.md and companion docs instruct the agent to create files under ~/follow, run scheduled monitoring (cron) or on-demand checks, scrape or use APIs, archive captured content, and transcribe long-form media. Those instructions imply filesystem read/write, network requests to third-party services (including scraping fallbacks like Nitter), and potential handling of paywalled or account-only content (LinkedIn, Substack paywalls, private Telegram channels). The instructions do not limit or clarify what counts as acceptable scraping, what credentials are needed, or how to avoid private-data access — granting broad discretion to the agent.

ℹ Install Mechanism

This is instruction-only with no install spec, which is low-risk by itself. However, the docs explicitly mention external CLI tools/services (yt-dlp, Nitter) and monitoring approaches that normally require binaries or third-party endpoints. Because there is no install section, it's unclear whether the agent expects these tools to already exist or will attempt ad-hoc installs; that ambiguity increases operational risk.

⚠ Credentials

The skill declares no required environment variables or primary credential, yet the instructions repeatedly reference API-based access and account-bound methods (Twitter/X API, GitHub API, Telegram bots, LinkedIn login, Substack subscriptions). Requesting no credentials is disproportionate: to function as described the skill will need some tokens/accounts. This mismatch could lead either to silent failures or to ad-hoc prompts/requests for credentials at runtime — a privacy and security concern.

ℹ Persistence & Privilege

always:false (no forced persistence) and no install spec. The skill intends to create a workspace under ~/follow and schedule monitoring (cron suggested), which grants it ongoing local storage and potentially scheduled execution. That is a normal pattern for a monitoring tool but should be explicit: the skill doesn't declare cron setup steps or where scheduled jobs run, which leaves room for confusion about persistence and privilege.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install follow
After installation, invoke the skill by name or use /follow
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release

Metadata

Slug follow

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Follow?

Monitor content from people, topics, and sources across platforms with smart filtering, tiered alerts, and searchable archives. It is an AI Agent Skill for Claude Code / OpenClaw, with 765 downloads so far.

How do I install Follow?

Run "/install follow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Follow free?

Yes, Follow is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Follow support?

Follow is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Follow?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.

More Skills