← Back to Skills Marketplace

No Cap

Name: No Cap
Author: zephyr2800

by zephyr2800 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install no-cap

Description

Automatically ingest X/Twitter bookmarks, filter noise, and extract actionable signals. Run to process new bookmarks into structured intelligence.

Usage Guidance

Do not follow the cookie-extraction steps or paste your auth_token/ct0 into anything until you have the actual source code and installation instructions. This published skill contains only runtime instructions but no code or install package — commands like `npx tsx src/cli.ts` reference files that are not included. Ask the publisher for the repository URL or a vetted release, review the code yourself (or have a trusted party review it), and prefer an OAuth/API-based integration rather than handing over browser session cookies. If you temporarily provide session cookies to any third-party tool, plan to revoke or rotate them immediately afterward. Finally, verify any tool requiring Node/npx/tsx on your system and avoid running unreviewed scripts as admin.

Capability Analysis

Type: OpenClaw Skill Name: no-cap Version: 1.0.0 The skill performs high-risk credential extraction and management. Specifically, SKILL.md instructs the agent to execute a CLI command (auto-login) that extracts X/Twitter session cookies from the Chrome browser and requires macOS Keychain access. It also handles sensitive data including session tokens and Resend API keys, storing them in ~/.no-cap/config.json. While these capabilities are plausibly required for the stated purpose of automating bookmark ingestion and email digests, the automated extraction of browser credentials and interaction with the system keychain represent significant security risks.

Capability Assessment

⚠ Purpose & Capability

The skill's stated purpose (ingest X/Twitter bookmarks) is plausible, but the runtime steps assume a local repository with a TypeScript CLI (src/cli.ts) and use of npx/tsx. The published skill contains no code files, no repo, and declares no required binaries (node/npx). That mismatch means the skill cannot operate as described from the provided bundle alone.

⚠ Instruction Scope

Runtime instructions explicitly direct extraction of X session cookies from Chrome (auto-login) or manual copying of auth_token and ct0, reading and writing ~/.no-cap/config.json, and running CLI commands. Extracting browser session cookies and storing them locally is highly sensitive; the instructions do not provide secure handling or explain where/how code will run (there is no included code).

⚠ Install Mechanism

There is no install specification and no code files, yet the instructions expect you to run npx tsx against a local repoPath. The skill neither supplies the referenced repository nor declares Node/npx as required binaries. This is an incoherent install/runtime model — you would need to obtain code from elsewhere, which is not provided or verified here.

⚠ Credentials

The workflow requests sensitive credentials (X session cookies: auth_token and ct0) and optionally a Resend API key for email delivery. While these secrets are relevant to the skill's function, the bundle does not declare where they will be stored beyond a local config file, does not include code to inspect for leaks, and asks you to extract browser cookies — a high-risk operation if the code performing the extraction is not available for review.

ℹ Persistence & Privilege

The skill does not set always:true and does not claim system-wide privileges, but it instructs writing credentials to ~/.no-cap/config.json and setting permissions to 600. Storing session cookies locally is persistent and increases blast radius if the code is malicious; the behavior itself is explainable for this use case but should only be done after reviewing the implementation that will read those files.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install no-cap
After installation, invoke the skill by name or use /no-cap
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release: X bookmark ingestion, 3-layer noise filter, email digest

Metadata

Slug no-cap

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is No Cap?

Automatically ingest X/Twitter bookmarks, filter noise, and extract actionable signals. Run to process new bookmarks into structured intelligence. It is an AI Agent Skill for Claude Code / OpenClaw, with 97 downloads so far.

How do I install No Cap?

Run "/install no-cap" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is No Cap free?

Yes, No Cap is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does No Cap support?

No Cap is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created No Cap?

It is built and maintained by zephyr2800 (@zephyr2800); the current version is v1.0.0.

More Skills