← Back to Skills Marketplace

Naver Blog Publisher

Name: Naver Blog Publisher
Author: y80163442-boop

by y80163442-boop · GitHub ↗ · v0.6.1

cross-platform ⚠ suspicious

513

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install naver-blog-writer

Description

Publish Naver Blog posts through the ACP marketplace flow (buyer-local thin-runner + sealed payload + offering execute). Use when a user asks to write/publis...

Usage Guidance

This skill appears to be a local-publisher that expects a macOS runner and a one-time local Naver login, but the SKILL.md mentions several tokens/config entries that are not declared in the metadata. Before installing: 1) Ask the author for the source or homepage and for an explicit list of required env vars and config file formats. 2) Inspect the npm package @y80163442/naver-thin-runner source or release page — do not run npx blindly. 3) Verify whether the skill will actually require CONTROL_PLANE_URL/ACP_ADMIN_API_KEY (high-privilege) or will keep credentials strictly local. 4) If you must try it, run npx in a sandboxed environment and avoid providing global admin keys; keep user credentials on the local runner only. 5) Prefer a skill that declares its required env vars and provides an auditable install artifact (repository or release) rather than only npx instructions.

Capability Analysis

Type: OpenClaw Skill Name: naver-blog-writer Version: 0.6.1 The skill relies on executing an external, scoped npm package (@y80163442/naver-thin-runner) via npx to install a local daemon and system services (--auto-service both) on macOS. It handles sensitive administrative API keys and tokens, and while these actions are consistent with the stated goal of automating Naver Blog publishing, the requirement for broad local system access and the execution of unverified remote code via npx represent a significant security risk.

Capability Assessment

⚠ Purpose & Capability

The declared purpose (publish to Naver Blog from a local runner) aligns with the instructions, but the SKILL.md references several control-plane and auth variables (OPENCLAW_OFFERING_EXECUTE_URL, CONTROL_PLANE_URL + ACP_ADMIN_API_KEY, PROOF_TOKEN, SETUP_URL) that are not declared in the skill metadata. That mismatch between declared requirements (none) and runtime needs is concerning.

⚠ Instruction Scope

Runtime instructions tell the agent to run npx @y80163442/naver-thin-runner commands, start a local daemon, and auto-load X_LOCAL_TOKEN from ~/.config/naver-thin-runner/config.json. Those steps require reading a local config file and using tokens that are not listed as required env vars, and they suggest the agent will interact with local browser sessions and a local daemon — all sensitive actions beyond simple HTTP API calls.

⚠ Install Mechanism

There is no formal install spec; instead the SKILL.md instructs use of npx to run the scoped npm package @y80163442/naver-thin-runner. npx will fetch and execute code from the npm registry at runtime (user-scoped package), which is a moderate-to-high risk vector unless the package and publisher are verified.

⚠ Credentials

The skill metadata lists no required env vars, but the docs reference multiple environment/config items (OPENCLAW_OFFERING_ID, SETUP_URL, PROOF_TOKEN, OPENCLAW_OFFERING_EXECUTE_URL, CONTROL_PLANE_URL, ACP_ADMIN_API_KEY, X_LOCAL_TOKEN) and a local config path. Requesting or using unspecified secrets (ACP_ADMIN_API_KEY, X_LOCAL_TOKEN) is disproportionate and unclear.

ℹ Persistence & Privilege

The skill is not marked always:true and uses the platform's normal autonomous invocation setting. That alone is not a red flag, but combined with the above issues (local token access and remote package execution) it increases the potential blast radius if the fetched code or runtime steps are malicious.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install naver-blog-writer
After installation, invoke the skill by name or use /naver-blog-writer
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.6.1

v0.6.1 of naver-blog-writer - No code or documentation changes were detected in this version. - All content, usage notes, and commands remain unchanged from the previous release.

v0.6.0

Version 0.6.0 - Updated usage guidance for first run with a more concise flow summary. - Clarified production support is macOS only. - Split and highlighted "Use when" and expanded quick start section for better readability. - Adjusted flow to run `publish_dry_run` prior to one-time login. - Added reference to contract and schema docs in Notes. - Improved formatting and section headings for user clarity.

v0.5.0

Agent-first doctor/dry-run/live publish flow and updated marketplace copy.

v0.4.1

**Summary:** Major documentation and usage update. Now requires all users to use the "Inline Runner" script; standalone tool usage is discouraged. - Removed old step-by-step tool instructions — ClawHub/ClawPack now exposes only `SKILL.md`. - Added a single copy-paste "Inline Runner" Bash script that automates full onboarding and blog publish flow. - Emphasized billing prerequisites and required credentials (SETUP_URL or PROOF_TOKEN + SETUP_ISSUE_URL). - Clarified required runtime configs and error handling expectations. - Outdated tool paths (`tools/preflight`, `tools/publish` etc.) are deprecated; direct use of inline code is now mandatory.

v0.4.0

**Improved automation and onboarding for Naver Blog Writer Skill Pack.** - Added auto token lookup, daemon auto start, and setup/login automation for easier `publish` flow. - Enhanced error messages with `next_action`, `hint`, and onboarding/billing guidance. - Updated config to support automatic behaviors (`AUTO_SETUP`, `AUTO_LOGIN_ON_SETUP`, `AUTO_DAEMON_START`, etc). - Clarified prerequisites for ACP billing and setup, reducing manual steps to a single login. - Examples and documentation revised for clarity and better user experience.

v0.3.0

Runner SIGTERM fix and ACP flow updates

v0.1.2

Fix preflight invocation to use bash (no executable-bit dependency after install).

v0.1.1

Add ACP marketplace-connected scripts (.sh) and onboarding/publish flow for OpenClaw users.

v0.1.0

Initial ACP-connected skill pack

Metadata

Slug naver-blog-writer

Version 0.6.1

License —

All-time Installs 0

Active Installs 0

Total Versions 9

Frequently Asked Questions

What is Naver Blog Publisher?

Publish Naver Blog posts through the ACP marketplace flow (buyer-local thin-runner + sealed payload + offering execute). Use when a user asks to write/publis... It is an AI Agent Skill for Claude Code / OpenClaw, with 513 downloads so far.

How do I install Naver Blog Publisher?

Run "/install naver-blog-writer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Naver Blog Publisher free?

Yes, Naver Blog Publisher is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Naver Blog Publisher support?

Naver Blog Publisher is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Naver Blog Publisher?

It is built and maintained by y80163442-boop (@y80163442-boop); the current version is v0.6.1.

More Skills