← Back to Skills Marketplace
81
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install weibo-ops
Description
Weibo (微博) write operations via DrissionPage + Chrome CDP. Post, delete, repost, comment, and like on weibo.com. Activate when user asks to publish/delete/re...
Usage Guidance
This skill automates a locally running Chrome to perform Weibo actions and does that by copying your Chrome profile (Cookies, Login Data, Local Storage, etc.) into /tmp and launching Chrome with remote debugging. Before installing or running it: 1) Understand that copying the profile exposes all browser sessions stored in that profile — use a dedicated / throwaway Chrome profile that contains only the Weibo login if you want to limit exposure. 2) The startup script hardcodes a macOS Chrome path; it will not work as-is on Linux/Windows and the SKILL.md does not mention this. 3) Inspect the included scripts yourself (start_chrome.sh and weibo_ops.py) — they appear to operate locally and do not exfiltrate data, but executing arbitrary scripts that copy your browser profile is sensitive. 4) Because the skill can delete posts, avoid running destructive actions (delete_all) until you test in a safe account. 5) If you cannot verify code or isolate the environment, do not run the script against your main Chrome profile or primary account.
Capability Analysis
Type: OpenClaw Skill
Name: weibo-ops
Version: 1.0.0
The skill bundle performs high-risk profile manipulation in `scripts/start_chrome.sh`, copying the user's entire Chrome profile (including `Cookies`, `Login Data`, and `Local Storage`) to `/tmp` to facilitate automation. It also opens a Chrome remote debugging port with `--remote-allow-origins="*"`, which exposes the browser session to potential cross-site attacks. While these actions are technically aligned with the stated goal of Weibo automation via `DrissionPage` in `scripts/weibo_ops.py`, they represent significant security vulnerabilities rather than clear malicious intent, as no external exfiltration logic was identified.
Capability Assessment
Purpose & Capability
The name/description (Weibo write operations via DrissionPage + CDP) matches what the Python script does: drive a real Chrome instance to post/repost/comment/like/delete. Copying a Chrome profile to reuse a logged-in session is a plausible implementation choice, but the script copies many profile files (Cookies, Login Data, Local Storage, etc.) which grants access to unrelated site sessions and secrets — more than the SKILL.md declares.
Instruction Scope
SKILL.md instructs the user to run scripts/start_chrome.sh which copies files from the user's Chrome profile into /tmp and launches Chrome with remote debugging; that requires reading sensitive local browser state. The runtime instructions and code show no network exfiltration, but they do perform destructive actions (delete_all) on the user's Weibo account. The instructions do not call out the full scope of file access or warn about copying profile data.
Install Mechanism
There is no external install or remote download; the skill is instruction + local scripts. That keeps install risk low — nothing is fetched from arbitrary URLs. The only dependency is DrissionPage via pip (declared in README).
Credentials
The skill does not declare any required config paths or credentials but the start_chrome.sh script requires read access to $HOME/Library/Application Support/Google/Chrome (macOS Chrome profile) and copies sensitive files like Cookies and Login Data. This is a disproportionate and undeclared access to local secrets/config. Also, the script assumes a macOS Chrome path but the skill metadata lists no OS restriction.
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges. It copies a profile to /tmp (ephemeral) and launches a Chrome instance with remote debugging; this is local and not persistent beyond runtime. The skill can perform destructive actions on the user's Weibo account (delete_all), which is expected for its purpose but operationally sensitive.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install weibo-ops - After installation, invoke the skill by name or use
/weibo-ops - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
微博写操作:发帖、删帖、转发、评论、点赞。基于DrissionPage+Chrome CDP。
Metadata
Frequently Asked Questions
What is Weibo Operations?
Weibo (微博) write operations via DrissionPage + Chrome CDP. Post, delete, repost, comment, and like on weibo.com. Activate when user asks to publish/delete/re... It is an AI Agent Skill for Claude Code / OpenClaw, with 81 downloads so far.
How do I install Weibo Operations?
Run "/install weibo-ops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Weibo Operations free?
Yes, Weibo Operations is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Weibo Operations support?
Weibo Operations is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Weibo Operations?
It is built and maintained by sunwz1115 (@sunwz1115); the current version is v1.0.0.
More Skills