← Back to Skills Marketplace
frankieway

social-media-analysis

by FrankieWay · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
110
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install social-media-analysis
Description
社交媒体舆情数据分析工具。从飞书多维表格读取 URL,下载媒体,分析内容,生成摘要。
Usage Guidance
This skill appears to do what it says (read Feishu bitable, download social-media media, extract frames, and generate short analyses), but it has several practical and security gaps: (1) The registry metadata does not declare the environment variables and command-line tools the scripts actually use — APP_ID, APP_SECRET, BITABLE_URL, optional XHS_COOKIE, and binaries like node, yt-dlp, ffmpeg, and Playwright are required at runtime. (2) Although permissions list only open.feishu.cn, the scripts make many outbound requests to social-media domains and will download files to disk. Before installing, verify you trust the source and review the full scripts locally. Prefer running in an isolated environment (dedicated VM/container) and use a Feishu app with minimal scope (rotate/revoke credentials after testing). If you need tighter control, request the publisher to update registry metadata to list required env vars, required binaries, and all outbound hosts, and to explain the unspecified 'image' analysis step and any external model endpoints it may call.
Capability Analysis
Type: OpenClaw Skill Name: social-media-analysis Version: 1.0.0 The skill contains critical shell injection vulnerabilities in scripts/parse-bilibili.js and scripts/parse-xiaohongshu.js, where unsanitized URLs retrieved from a Feishu Bitable are passed directly to execSync calls for yt-dlp. While these flaws allow for potential Remote Code Execution (RCE), they appear to be unintentional coding errors rather than intentional malware. Additionally, the SKILL.md file declares restricted network permissions (only open.feishu.cn) that do not align with the scripts' actual behavior of accessing multiple social media domains like douyin.com, weibo.cn, and xiaohongshu.com.
Capability Assessment
Purpose & Capability
The skill's name/description (Feishu bitable → download media → produce summaries) align with the included scripts. However the registry metadata declares no required env vars or binaries while the SKILL.md and scripts clearly require APP_ID/APP_SECRET/BITABLE_URL, optionally XHS_COOKIE, and external tools (yt-dlp, ffmpeg, Playwright, node). That mismatch (metadata says nothing required, runtime asks for credentials and binaries) is an incoherence.
Instruction Scope
SKILL.md and the included scripts instruct the agent to fetch tenant access tokens (APP_ID/APP_SECRET) and call Feishu APIs (expected), but they also fetch content from many external domains (weibo, m.weibo.cn, xiaohongshu, Douyin/Toutiao/Bilibili) and run local downloads and media-processing (ffmpeg, yt-dlp, Playwright). The skill's declared network permission only lists open.feishu.cn, yet runtime will contact many other hosts. The instructions also call an unspecified image-analysis command ('image frame_001.jpg') and run Playwright browser automation — both grant broad discretion and network/file access. These behaviors are coherent with the stated purpose but the omitted network host declarations and unspecified image-analysis step are concerning and should be explicitly reviewed/approved.
Install Mechanism
There is no install spec (instruction-only), so nothing would automatically be downloaded/installed by the platform. That lowers install-time risk. However the scripts assume presence of several external binaries (node, yt-dlp, ffmpeg, Playwright) and will write downloaded media to disk; those dependencies are not declared in the registry metadata. Because install is manual, ensure required tools are installed from trusted sources before running.
Credentials
The runtime requires sensitive Feishu credentials (APP_ID/APP_SECRET) and optionally cookies for Xiaohongshu (XHS_COOKIE). Those are proportionate to a skill that reads and updates a Feishu bitable and fetches gated content, but the registry metadata did not list them as required — an information gap. Confirm you are comfortable providing Feishu app credentials (they grant tenant-level API access) and any site cookies; minimize scopes and use a dedicated account/app if possible.
Persistence & Privilege
The skill is not marked always:true and does not request persistent platform-level privileges. It will run as invoked and update records in the target Feishu bitable (expected behavior). Autonomous invocation is allowed (platform default) but not combined here with other high-risk flags.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install social-media-analysis
  3. After installation, invoke the skill by name or use /social-media-analysis
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of social-media-analysis skill. - Provides tools to analyze social media data from Feishu (Lark) Bitable views. - Supports URL validity checks, media type detection (image/video), media downloading, and 5-second interval video frame extraction. - Generates concise (≤100 characters) content summaries with emphasis on Xiaomi/Xiaoai mentions if detected. - Includes platform-specific scripts for Douyin, Weibo, Toutiao, Bilibili, and Xiaohongshu. - Batch processing, concurrent workers, content parsing length limits, and customizable field mappings are supported. - Output includes a success flag for process completion status.
Metadata
Slug social-media-analysis
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is social-media-analysis?

社交媒体舆情数据分析工具。从飞书多维表格读取 URL,下载媒体,分析内容,生成摘要。 It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.

How do I install social-media-analysis?

Run "/install social-media-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is social-media-analysis free?

Yes, social-media-analysis is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does social-media-analysis support?

social-media-analysis is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created social-media-analysis?

It is built and maintained by FrankieWay (@frankieway); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments