← Back to Skills Marketplace
258
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install 07
Description
为AI Agent提供完整的互联网访问能力,支持多个主流平台
README (SKILL.md)
互联网访问技能
为AI Agent提供完整的互联网访问能力,支持Twitter、YouTube、Reddit、小红书等平台。
技能描述
提供多个主流互联网平台的数据访问能力,包括Twitter、YouTube、Reddit、小红书、B站等。使用开源工具,零API费用,支持Cookie加密存储和安全审计。
使用场景
- 用户:"搜索Twitter上的AI新闻" → 获取最新推文
- 用户:"获取这个YouTube视频的字幕" → 下载视频字幕
- 用户:"Reddit上关于Python的讨论" → 获取相关帖子
- 用户:"小红书上有哪些穿搭推荐" → 搜索笔记内容
工具和依赖
工具列表
位于 channels/ 目录:
twitter.py:Twitter访问模块youtube.py:YouTube访问模块reddit.py:Reddit访问模块xiaohongshu.py:小红书访问模块bilibili.py:B站访问模块web.py:网页搜索模块
API密钥
部分平台需要Cookie:
- Twitter:需要Cookie(必须登录)
- 小红书:需要Cookie(必须登录)
- YouTube:可选代理(海外IP限制)
- Reddit:无需配置
- B站:无需配置
外部依赖
- Python 3.10+
- yt-dlp(YouTube)
- bird(Twitter,可选)
配置说明
安装方法
cd 07-互联网访问
bash install.sh
平台配置
Twitter:
# 导出Cookie
python cookie_extract.py twitter
# 或手动设置
export TWITTER_COOKIE="your_cookie_here"
YouTube:
# 安装yt-dlp
pip install yt-dlp
# 可选:配置代理
export YOUTUBE_PROXY="socks5://127.0.0.1:1080"
小红书:
# 导出Cookie
python cookie_extract.py xiaohongshu
Reddit:无需配置,直接使用
B站:无需配置,直接使用
Cookie加密存储
# 加密Cookie
python security/encrypt_cookies.py import --file cookies.json
# 使用时解密
python security/encrypt_cookies.py decrypt
使用示例
场景1:Twitter搜索
用户:"搜索Twitter上的AI新闻"
AI:
from channels.twitter import TwitterChannel
twitter = TwitterChannel()
tweets = twitter.search("AI news", limit=10)
# 返回:推文列表,包含内容、作者、时间等
场景2:YouTube字幕
用户:"获取这个YouTube视频的字幕" 链接:https://youtube.com/watch?v=xxx
AI:
from channels.youtube import YouTubeChannel
youtube = YouTubeChannel()
subtitles = youtube.get_subtitles("video_id")
# 返回:视频字幕文本
场景3:Reddit讨论
用户:"Reddit上关于Python的讨论"
AI:
from channels.reddit import RedditChannel
reddit = RedditChannel()
posts = reddit.search("Python", subreddit="learnprogramming", limit=20)
# 返回:帖子列表,包含标题、内容、评论等
场景4:小红书搜索
用户:"小红书上有哪些穿搭推荐"
AI:
from channels.xiaohongshu import XiaohongshuChannel
xhs = XiaohongshuChannel()
notes = xhs.search("穿搭", limit=10)
# 返回:笔记列表,包含内容、图片、点赞等
场景5:网页搜索
用户:"搜索最新的AI新闻"
AI:
from channels.web import WebChannel
web = WebChannel()
results = web.search("最新AI新闻")
# 返回:搜索结果,包含标题、链接、摘要
安全特性
Cookie加密存储
# 加密Cookie
python security/encrypt_cookies.py import --file cookies.json --password "your-password"
# 轮换密钥(建议每月)
python security/encrypt_cookies.py rotate
审计监控
# 生成安全报告
python security/audit_monitor.py report --days 7
# 实时监控
python security/audit_monitor.py monitor
依赖安全检查
# 完整检查
python security/dependency_check.py full
# 建立基线
python security/dependency_check.py baseline
支持的平台
| 平台 | 功能 | Cookie | 备注 |
|---|---|---|---|
| 推文搜索、用户信息 | ✅ 需要 | 免费API有频率限制 | |
| YouTube | 字幕、评论、元数据 | ❌ 不需要 | 可选代理 |
| 帖子搜索、评论 | ❌ 不需要 | 公开API | |
| 小红书 | 笔记搜索、用户信息 | ✅ 需要 | 需要登录 |
| B站 | 视频信息、弹幕 | ❌ 不需要 | 公开API |
| 网页搜索 | 搜索引擎集成 | ❌ 不需要 | DuckDuckGo等 |
故障排除
问题1:Twitter认证失败
现象:提示认证失败
解决:
# Cookie可能过期,重新导出
python cookie_extract.py twitter
问题2:YouTube无法访问
现象:连接超时
解决:
# 配置代理
export YOUTUBE_PROXY="socks5://127.0.0.1:1080"
问题3:依赖安装失败
现象:pip install报错
解决:
# 运行依赖检查
python security/dependency_check.py full
问题4:Cookie解密失败
现象:无法解密Cookie
解决:
# 删除密钥重新导入
rm ~/.config/agent-reach/.key
python security/encrypt_cookies.py import --file cookies.json
安全最佳实践
✅ 推荐做法
- 使用专用账号,不要使用主账号的Cookie
- 定期轮换Cookie(每月一次)
- 始终使用加密存储
- 使用可信代理或VPN
- 每周运行一次安全检查
❌ 避免做法
- 不要在公共网络运行
- 不要将Cookie提交到Git
- 不要使用免费代理
- 不要过度请求(避免封号)
- 不要分享Cookie给他人
注意事项
- 请求频率:各平台有频率限制,避免过度请求
- Cookie安全:Cookie是敏感信息,务必加密存储
- 代理使用:访问YouTube等平台可能需要代理
- 法律合规:遵守各平台的使用条款和法律法规
- 数据使用:抓取的数据仅供个人使用,不得商用
Usage Guidance
This package appears to be what it says: a local toolset to let an AI agent read/search internet platforms. Before installing, consider the following:
- Sensitive operations: it can read local browser cookies (via browser_cookie3) and asks you to import cookie strings for logged-in access. Those cookies grant account-level access — do NOT provide main-account cookies. Use dedicated throwaway accounts where possible.
- Inspect cookie storage: the skill writes config/cookie files under ~/.agent-reach and ~/.config/agent-reach; verify those files and permissions (chmod 600) after install. The repo includes an encrypt_cookies helper — prefer encrypted storage and test decrypt locally before trusting.
- Third-party software: the installer recommends npm globals (bird, mcporter), pip packages (yt-dlp, playwright), and Docker images (xpzouying/xiaohongshu-mcp). These introduce normal supply-chain risk; review those upstream projects and avoid untrusted packages. Running docker images pulls code from Docker Hub — review image provenance.
- Network endpoints: the integration expects to register MCP endpoints (e.g., https://mcp.exa.ai) and may call mcporter to talk to remote MCP servers. If you require data locality, avoid configuring remote MCP services or run your own trusted services.
- Least privilege: run the installer in a constrained environment (virtualenv, container, or throwaway VM) if you want to limit blast radius. Review install.sh before running and prefer safe/dry-run modes.
- Audit and testing: run the provided security/audit and dependency checks (python security/dependency_check.py full and audit_monitor) after install; review logs and ensure no unexpected outbound connections are happening.
If you need further help, I can point out the exact files that read/write cookies, the code path that uploads or calls remote MCP endpoints, or produce a short checklist of commands to sandbox the install.
Capability Analysis
Type: OpenClaw Skill
Name: 07
Version: 1.0.0
The skill bundle provides internet access for AI agents but includes high-risk behaviors, most notably the automated extraction of browser cookies (Twitter, Bilibili, XiaoHongShu) via `cookie_extract.py` using the `browser_cookie3` library. The installation process in `install.sh` and `cli.py` performs broad system modifications, including installing global NPM packages, executing remote scripts (`curl | bash` for Node.js), and modifying the user's `~/.bashrc` for proxy settings. While the bundle includes security-oriented features like AES-256-GCM encryption for stored cookies (`security/encrypt_cookies.py`) and an audit monitor (`security/audit_monitor.py`), the automated harvesting of sensitive session data and persistent system changes meet the threshold for a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description promise full internet access and the repo contains channel modules (Twitter, YouTube, Reddit, 小红书, B站, web, etc.), cookie extraction, cookie encryption, installation and doctor tooling. Required binaries/env vars are not declared (optional tools are discovered at runtime), which is reasonable for a multi-backend connector that uses optional upstream CLIs and Docker/MCP services.
Instruction Scope
SKILL.md and CLI instruct the agent / user to extract browser cookies, import them, install yt-dlp/bird/mcporter/gh, and optionally configure proxies and Docker MCP services. These instructions reference reading local browser cookies and writing config (~/.agent-reach, ~/.config/agent-reach), which is necessary for logged-in platform access but is a high-sensitivity operation. The skill also documents how to encrypt cookies and run audits, which is appropriate mitigation.
Install Mechanism
No registry install spec in metadata, but an included install.sh drives installation (pip installs from requirements.txt, optional npm installs like mcporter/bird, and Docker image pulls such as xpzouying/xiaohongshu-mcp). These are expected for the stated capability; they do introduce normal supply-chain/third‑party risks (npm, Docker Hub, external MCP endpoints). No obscure or shortener URLs are used in the main scripts.
Credentials
The skill declares no required environment variables, and requests no unrelated credentials. It does, however, legitimately ask for sensitive artifacts: browser cookies (Twitter/X, 小红书, Bilibili) and optional API keys/proxies (Groq key, Reddit proxy). Those are proportionate to the features offered but represent high-value secrets that the user must protect. The code stores credentials/config in ~/.agent-reach and ~/.config/agent-reach and attempts to restrict file permissions; inspect that behavior if you have stricter policies.
Persistence & Privilege
The skill does not set always:true and does not modify other skills. The installer will write files to user home directories (config, run.sh, test.sh) and the CLI attempts to create an OpenClaw/Claude skill entry under ~/.openclaw/skills etc. This is expected for a local agent integration and not excessive by itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install 07 - After installation, invoke the skill by name or use
/07 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
web-access 1.0.0 - 首发版本,赋能AI Agent以完整互联网数据访问能力。
- 支持 Twitter、YouTube、Reddit、小红书、B站等主流平台的数据抓取。
- 零API费用,部分平台要求用户登录后导出Cookie,支持加密安全存储。
- 提供网页搜索、字幕提取、内容检索、笔记和视频信息等多种能力。
- 内置安全审计、Cookie加密、依赖检查等安全机制。
- 提供详细配置指引、常见问题排查和安全最佳实践。
- 适用于新闻搜索、内容聚合、字幕下载、社交讨论抓取等多种场景。
Metadata
Frequently Asked Questions
What is 07 互联网访问?
为AI Agent提供完整的互联网访问能力,支持多个主流平台. It is an AI Agent Skill for Claude Code / OpenClaw, with 258 downloads so far.
How do I install 07 互联网访问?
Run "/install 07" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 07 互联网访问 free?
Yes, 07 互联网访问 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 07 互联网访问 support?
07 互联网访问 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 07 互联网访问?
It is built and maintained by nidhov01 (@nidhov01); the current version is v1.0.0.
More Skills