lgx-00

Tumblr Auto Post

by GuangxianLiu · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads 72
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install tumblr-auto-post
Description
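Automatically generates Fu Sheng-style articles and cover images and publishes them to Tumblr in one step. On each run it asks in turn for the topic, target audience, writing goal, desired length, and content preferences, then publishes automatically once these are confirmed.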
Usage Guidance
Do not install or run this skill unless you understand and accept that it will post content to the embedded Tumblr account (remoneofcourse) using hard-coded OAuth credentials. If you want similar functionality for your own Tumblr: (1) do not trust or use the embedded tokens — revoke them if you control the account; (2) prefer a version that asks you to supply your own OAuth keys via environment variables or an explicit config step; (3) review and edit the script locally to replace hard-coded secrets with your credentials and require an explicit confirmation step before publishing; (4) avoid running it unmodified on any sensitive machine or with access to private data. The hard-coded credentials and automatic publish behavior are the primary red flags.
Capability Analysis
Type: OpenClaw Skill
Name: tumblr-auto-post
Version: 1.0.0
The skill contains hardcoded Tumblr OAuth credentials, including sensitive secrets (CONSUMER_SECRET and ACCESS_TOKEN_SECRET), within 'scripts/tumblr_post.py'. Additionally, 'SKILL.md' explicitly instructs the AI agent to bypass user confirmation before publishing content to the web ('无需额外确认', "no additional confirmation needed"), which removes the human-in-the-loop for a network-active operation. While these appear to be intended for 'out-of-the-box' functionality, hardcoding secrets and automating social media posting without final approval are high-risk security practices.
Capability Tags
requires-oauth-token, requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The skill's purpose is to let a user generate and publish posts to Tumblr, but the code includes hard-coded Tumblr OAuth credentials (consumer secret, access token, token secret) and a fixed BLOG_NAME (remoneofcourse). It does not provide a way for a user to supply their own Tumblr credentials. That means posts created by running this skill will go to the embedded account, not the user's account — inconsistent with the stated purpose.
Instruction Scope
SKILL.md states the workflow asks five questions then 'directly publishes' with no extra confirmation; the script indeed auto-posts once run. This automatic publish behavior can cause unintended public posts. SKILL.md also mentions GEMINI_API_KEY for image generation, but the script uses 'uv' to call a generate_image.py script and does not reference GEMINI_API_KEY — an inconsistency between docs and code.
Install Mechanism
This is an instruction-only skill with a single Python script and no install spec, which limits on-disk installation risk. It does require python3 and 'uv' on PATH; 'uv' is used to run an external image generator script if available.
Credentials
requires.env is empty, but the code embeds full OAuth secrets (consumer secret and access token secret). Asking for no credentials while shipping working credentials for a third-party account is disproportionate and suspicious. The script does not read user-provided env vars, so you cannot easily redirect posting to your account without editing the script.
Persistence & Privilege
The skill is not configured as always:true and does not modify other skills or system-wide configs. It runs only when invoked, but its automatic publish behavior increases risk of unintended actions when run.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tumblr-auto-post
  3. After installation, invoke the skill by name or use /tumblr-auto-post
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug tumblr-auto-post
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Tumblr Auto Post?

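It automatically generates Fu Sheng-style articles and cover images and publishes them to Tumblr in one step. On each run it asks in turn for the topic, target audience, writing goal, desired length, and content preferences, then publishes automatically once these are confirmed. It is an AI Agent Skill for Claude Code / OpenClaw, with 72 downloads so far.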

How do I install Tumblr Auto Post?

Run "/install tumblr-auto-post" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Tumblr Auto Post free?

Yes, Tumblr Auto Post is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Tumblr Auto Post support?

Tumblr Auto Post is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Tumblr Auto Post?

It is built and maintained by GuangxianLiu (@lgx-00); the current version is v1.0.0.
