← Back to Skills Marketplace
Social Auto Poster
by
Quốc MODORO
· GitHub ↗
· v1.1.0
· MIT-0
138
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install social-auto-poster
Description
Automate posting content with images to LinkedIn, X/Twitter, Facebook, WordPress, and Substack via browser automation. Use when: (1) posting a new article or...
Usage Guidance
This skill appears internally consistent for automating posts, but before installing or using it you should: (1) verify the owner/source (no homepage provided) and prefer skills with a public repo/release; (2) inspect the image script (~/workspace/linkedin-assets/create-overlay-image.sh) — it will be executed and could run arbitrary shell commands; (3) prefer not to store credentials in world‑readable plaintext: restrict permissions on ~/.openclaw/.wp-[yoursite].env (chmod 600) or use a secrets store if available; (4) be aware the skill relies on long‑lived browser sessions — if the machine is multi‑user or exposed, an attacker with local access could reuse those sessions; (5) test on a throwaway account / VM first to confirm behavior; and (6) ask the publisher to: publish a source repo or homepage, add explicit steps to source the .env before API calls, and ideally support a safer credential mechanism. If you cannot inspect the image script and do not trust keeping browser sessions persistent, do not enable this skill.
Capability Analysis
Type: OpenClaw Skill
Name: social-auto-poster
Version: 1.1.0
The skill automates social media posting via browser automation and WordPress API calls, requiring high-privilege access such as reading local credentials from `~/.openclaw/` and executing a local shell script (`create-overlay-image.sh`). While the logic in `SKILL.md` and `references/platform-quirks.md` is consistent with its stated marketing purpose, the pattern of passing potentially unsanitized user content (quotes) directly to a shell script poses a shell injection risk. The skill's reliance on persistent browser sessions and stored WordPress Application Passwords makes it a high-risk component if the agent's environment is compromised.
Capability Assessment
Purpose & Capability
Name/description (cross‑platform auto‑posting) matches the runtime instructions: browser automation for LinkedIn, X, Facebook, Substack plus REST calls for WordPress and local image generation. The required files/paths and WordPress application password are coherent with posting functionality.
Instruction Scope
SKILL.md instructs only actions relevant to publishing (start/stop browser, ARM upload, create images, POST via WP API) and includes platform‑specific DOM workarounds. Two minor scope/clarity issues: (1) it asks you to create a ~/.openclaw/.wp-[yoursite].env file but never explicitly tells the agent to source it before curl commands (implied but should be explicit); (2) it requires you to place/execute an external image script (~/workspace/linkedin-assets/create-overlay-image.sh) which is not included — you must inspect that script before running.
Install Mechanism
Instruction-only skill (no install spec, no downloaded binaries, no code files that execute). This is low install risk — nothing is written to disk by the skill package itself.
Credentials
The only credential material the skill requires is a WordPress Application Password stored in a plaintext file under ~/.openclaw/.wp-[yoursite].env and browser sessions kept logged in. That is proportionate to the stated purpose but has security implications (plaintext credential file, long‑lived browser sessions). The skill does not request unrelated secrets or system credentials.
Persistence & Privilege
always:false (normal). The skill depends on persistent browser sessions (recommends not killing Chrome) and on files under /tmp and the user's workspace. Persistent sessions increase theft risk if the host is shared; nothing in the skill tries to change agent/system settings or modify other skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install social-auto-poster - After installation, invoke the skill by name or use
/social-auto-poster - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
**Expanded, clearer documentation and improved usability**
- Added detailed setup instructions for browser authentication and WordPress API usage.
- Documented ARM image overlay script usage and requirements.
- Provided step-by-step posting workflows for LinkedIn, X/Twitter, Facebook, WordPress, and Substack.
- Explained post verification and session management best practices.
- Clarified supported/unsupported features (no feed reading, DMs, analytics, or scheduling).
Metadata
Frequently Asked Questions
What is Social Auto Poster?
Automate posting content with images to LinkedIn, X/Twitter, Facebook, WordPress, and Substack via browser automation. Use when: (1) posting a new article or... It is an AI Agent Skill for Claude Code / OpenClaw, with 138 downloads so far.
How do I install Social Auto Poster?
Run "/install social-auto-poster" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Social Auto Poster free?
Yes, Social Auto Poster is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Social Auto Poster support?
Social Auto Poster is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Social Auto Poster?
It is built and maintained by Quốc MODORO (@quoc-modoro); the current version is v1.1.0.
More Skills