Familiar App

by m-lwatcher · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
91 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install familiar-app
Description
Deploy and manage multi-user AI familiars autonomously posting on X/Twitter with built-in REST API, dashboard, and user/queue control.
README (SKILL.md)

Familiar App

Multi-user AI social presence platform. Runs on Node.js (no npm dependencies).

Quick Deploy

git clone https://github.com/m-lwatcher/familiar-app.git
cd familiar-app/core
node api-server.js
# Dashboard at http://localhost:18790  login: admin / familiar

VPS Deploy (systemd)

git clone https://github.com/m-lwatcher/familiar-app.git /home/ubuntu/familiar-app

sudo tee /etc/systemd/system/familiar.service > /dev/null << 'SERVICE'
[Unit]
Description=Familiar App
After=network.target

[Service]
Type=simple
User=ubuntu
WorkingDirectory=/home/ubuntu/familiar-app/core
ExecStart=/usr/bin/node api-server.js
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
SERVICE

sudo systemctl enable --now familiar
sudo ufw allow 18790/tcp

Structure

core/api-server.js      — REST API + dashboard (port 18790)
core/user-manager.js    — User CRUD, queue management
core/posting-engine.js  — Tweet/meme posting logic
core/user-daemon.js     — Per-user background loop
core/soul-builder.js    — Generates persona/soul from config
web/index.html          — Dashboard UI
users/<id>/             — Per-user data, queues, logs, soul.md
tools/                  — Agent tools (auto_reply, check_x_stats)

API Endpoints

Method  Path                  Notes
GET     /                     Dashboard (requires auth)
POST    /api/login            {password} → session cookie
GET     /api/users            List all users
POST    /api/users            Create user {name, username, bio}
GET     /api/users/:id        User detail + stats
POST    /api/users/:id/tweet  Queue a tweet {text}
POST    /api/users/:id/meme   Queue a meme {prompt}
GET     /api/users/:id/queue  View pending queue

Auth

Default: admin / familiar — set FAMILIAR_PASSWORD env to change.

Notes

  • No npm install needed — all Node.js core modules
  • User data stored in users/<hash>/ directories
  • Each user has a soul.md defining their persona
  • Posting engine respects daily limits and gap timers
Usage Guidance
Before installing or following these instructions, review the GitHub repository source code and commit history to verify the project and its maintainer. Do not run the clone/run/systemd commands on a production host without auditing the code. Ensure you: (1) identify and supply proper X/Twitter API credentials and verify how they are stored/used (the SKILL.md does not declare them); (2) change the default admin password immediately and enforce strong authentication; (3) run the service behind TLS and/or a reverse proxy and restrict access (do not blindly open the port to the internet); (4) run the app as an unprivileged user or inside a container/VM for isolation; (5) check for any hardcoded secrets or outbound network calls in the repo; (6) prefer pinned releases or signed artifacts rather than cloning main branch; and (7) if you lack the ability to audit the code, treat this as untrusted software and avoid giving it privileged system access.
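A hardened variant of the familiar.service unit from the README, applying points (2) to (4) above; this is an added example, not part of the skill or its repository. The familiar user, the /opt/familiar-app checkout and the /etc/familiar/familiar.env file are assumptions; FAMILIAR_PASSWORD is the variable the README names.

```ini
# /etc/systemd/system/familiar.service (hardened variant, added example)
# Assumptions, none of which come from the project:
#   - dedicated system user/group "familiar" with no login shell
#   - code checked out at a reviewed commit under /opt/familiar-app
#   - /etc/familiar/familiar.env is root-owned, mode 0600, and holds one line:
#       FAMILIAR_PASSWORD=<long random value>
#   - /opt/familiar-app/users exists and is owned by "familiar" before first start
[Unit]
Description=Familiar App (hardened)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=familiar
Group=familiar
WorkingDirectory=/opt/familiar-app/core
# Read by systemd before privileges are dropped; replaces the default admin password
EnvironmentFile=/etc/familiar/familiar.env
ExecStart=/usr/bin/node api-server.js
Restart=on-failure
RestartSec=5

# Privilege confinement: port 18790 is unprivileged, so no capabilities are needed
NoNewPrivileges=yes
CapabilityBoundingSet=
AmbientCapabilities=
RestrictSUIDSGID=yes
LockPersonality=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
SystemCallArchitectures=native
UMask=0077

# Filesystem confinement: whole tree read-only except the per-user data directory
# (assumes the app writes nowhere else; widen ReadWritePaths if an audit shows otherwise)
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
ReadWritePaths=/opt/familiar-app/users
# MemoryDenyWriteExecute is deliberately not set: Node's JIT needs writable+executable memory

[Install]
WantedBy=multi-user.target
```

With this unit, leave port 18790 closed in ufw and publish the dashboard through a TLS-terminating reverse proxy on the same host instead.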
Capability Analysis
Type: OpenClaw Skill · Name: familiar-app · Version: 1.0.0
The skill bundle instructs the AI agent to perform high-privilege system operations, including creating systemd services and modifying firewall rules (ufw) using sudo. While these actions are aligned with the stated purpose of deploying the 'Familiar App' (github.com/m-lwatcher/familiar-app), the instructions to clone and execute remote code with elevated privileges represent a significant security risk without clear evidence of malicious intent.
Capability Assessment
Purpose & Capability
The skill claims to deploy an autonomous poster on X/Twitter and the instructions show how to clone and run a Node.js app that provides the dashboard and posting engine — that part is coherent. However, posting to X/Twitter normally requires API keys/OAuth tokens; the SKILL.md does not declare any required credentials or explain how to supply them. It also mentions agent tools (auto_reply, check_x_stats) that imply external integration. The absence of declared credentials for the platform the skill integrates with is a misalignment.
Instruction Scope
The SKILL.md directs the user/agent to git clone a GitHub repo and run node api-server.js, create and enable a systemd service, and open a firewall port (ufw allow 18790/tcp). It also documents a default admin password (admin/familiar). These instructions involve fetching and executing remote code, making persistent system changes, and exposing a web UI — but provide no guidance on securing the service (TLS, hardening, rate limits) or how external posting credentials are handled. Opening the port coupled with a default password is a security risk.
Install Mechanism
There is no formal install spec in the registry, but the runtime instructions instruct cloning code from https://github.com/m-lwatcher/familiar-app and running it. Pulling and running third-party code from a GitHub repo is a moderate-to-high risk action unless the repository and release artifacts are audited and trusted. The repo owner is not documented in the registry metadata, and there are no pinned releases or checksums suggested.
Credentials
Registry metadata declares no required environment variables, yet the SKILL.md references FAMILIAR_PASSWORD and the app's posting functionality to X/Twitter would require API credentials (tokens/keys) that are not declared or explained. This omission means the skill asks you to run networked, credentialed behaviour without telling you what secrets it will use or need, which is disproportionate and opaque.
Persistence & Privilege
The instructions explicitly create and enable a systemd service and modify the firewall, actions that require elevated privileges and create a persistent background process. While persisting a service is consistent with deploying a web app, the skill does this without recommending best practices (running as a dedicated non-root user is mentioned but not enforced, no TLS, default credentials present). Persistent privileged changes plus exposed endpoints increase attack surface and should be treated cautiously.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install familiar-app
  3. After installation, invoke the skill by name or use /familiar-app
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — deploy and manage AI familiar social presence platform. Source on GitHub: m-lwatcher/familiar-app
Metadata
Slug familiar-app
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Familiar App?

Deploy and manage multi-user AI familiars autonomously posting on X/Twitter with built-in REST API, dashboard, and user/queue control. It is an AI Agent Skill for Claude Code / OpenClaw, with 91 downloads so far.

How do I install Familiar App?

Run "/install familiar-app" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Familiar App free?

Yes, Familiar App is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Familiar App support?

Familiar App is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Familiar App?

It is built and maintained by m-lwatcher (@m-lwatcher); the current version is v1.0.0.
