2019-02-18

SocialVault

by LIU · GitHub ↗ · v0.1.7 · MIT-0
linux · darwin · win32 · ✓ Security Clean
272 Downloads · 0 Stars · 0 Active Installs · 7 Versions
Install in OpenClaw
/install social-vault
Description
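Credential manager for social platform accounts. Provides login-state acquisition, AES-256-GCM encrypted storage, scheduled health monitoring, and automatic renewal. Use when managing social media account credentials, importing cookies, checking login status, or automating...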
Usage Guidance
This skill is largely coherent with its stated purpose: it uses node/npx, local files under vault/, and the builtin browser tool to import and verify social-media credentials and schedules periodic health checks. Before installing:
  1. Review the vault-crypto.ts implementation (key generation, key file permission setting, in-memory clearing) to confirm keys are created with strict permissions and plaintext is reliably zeroed/cleared.
  2. Confirm the TRUSTED_DOMAINS list matches only the official domains you expect (adding new platforms requires code changes).
  3. Understand that cron jobs will periodically decrypt credentials in memory and make network requests to platform endpoints; ensure you want automated checks.
  4. Confirm vault/ will not be backed up or committed to version control and that vault-key is protected (600).
If you can audit the missing/omitted files (especially vault-crypto.ts and any remaining scripts/tests) and verify no hidden outbound endpoints exist, my confidence would increase to high.
Capability Analysis
Type: OpenClaw Skill
Name: social-vault
Version: 0.1.7
SocialVault is a credential management skill for social media accounts that prioritizes security through local AES-256-GCM encryption and strict domain whitelisting. It stores credentials in an encrypted vault (`vault/vault.enc`) using a local key (`vault/vault-key`) and implements a hardcoded whitelist in `scripts/session-verifier.ts` to ensure authentication headers are only sent to official platform domains (e.g., bilibili.com, xiaohongshu.com). The skill includes robust logic for browser fingerprinting, cookie parsing, and automated health checks, with explicit instructions in `SKILL.md` for the agent to clear sensitive data from memory and avoid displaying full credentials in logs or dialogue.
Capability Assessment
Purpose & Capability
Name/description (social account credential manager) align with requested resources and behavior: node/npx, the OpenClaw browser tool, local filesystem access to a vault/, adapter files, and outgoing requests to official platform endpoints declared in metadata. There are no unrelated credentials or external services required.
Instruction Scope
SKILL.md instructs the agent to create/initialize a local vault, parse user-provided cookies/tokens, use the platform browser tool for QR/login flows, and display QR screenshots in conversation. Those actions are within the described scope, but they mean the agent will (a) accept user-supplied credentials, (b) decrypt them in memory for verification, and (c) drive a browser that may capture screenshots—users should expect those operations.
Install Mechanism
Install is standard: npm install --production and an explicit setup.sh that runs the local tsx runtime and initializes the vault. No external URL downloads, URL shorteners, or arbitrary extracts were used in the visible install spec or package.json; dependency surface is minimal (tsx).
Credentials
The skill requests no environment variables or unrelated credentials. It only operates on user-supplied cookies/tokens and local vault files. The hardcoded TRUSTED_DOMAINS whitelist enforces domain constraints for outgoing verification requests (as implemented in session-verifier.ts).
Persistence & Privilege
Cron entries are declared (periodic health checks and refresh tasks) that will decrypt credentials in memory and call platform endpoints. 'always' is false, and the skill does not appear to modify other skills or system-wide settings. Nonetheless, scheduled automatic access to credentials is a sensitive capability users should be aware of.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install social-vault
  3. After installation, invoke the skill by name or use /social-vault
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.7
## social-vault 0.1.7 Changelog
- Added or updated platform adapter documentation for Bilibili, Xiaohongshu, and Zhihu.
- Improved the session verification script (`scripts/session-verifier.ts`).
- Updated the SKILL.md documentation; no breaking changes in usage or core logic.
- Minor clarifications and content improvements throughout documentation files.
v0.1.6
v0.1.6 introduces major platform updates and deprecations:
- Added support and guides for Bilibili, Zhihu, and Tieba (new adapters and cookie export instructions).
- Removed adapters and guides for Reddit and X (Twitter), including their endpoints and documentation.
- Updated list of supported platforms and verification endpoints to match the new adapters.
- Cleaned up package files and removed obsolete dependencies (e.g., package-lock.json, .gitignore).
- Updated internal documentation for platform coverage and verification logic.
v0.1.5
Version 0.1.5
v0.1.4
- Added setup.sh script for installing dependencies and initializing vault.
- Added scripts/run-health-check.ts as the new entry point for health checks; scheduled tasks now use this script.
- Added scripts/session-verifier.ts utility.
- Updated SKILL.md to explicitly state no external tokens or webhooks are needed, and to clarify QR code images are shown only in the conversation.
- Removed unencrypted vault/accounts.json; credentials now stored only in encrypted form.
- Updated cron job commands to use run-health-check.ts.
v0.1.3
No file or documentation changes detected in this version. No user-facing changes.
v0.1.2
No changes detected in this version.
v0.1.1
Initial release of SocialVault, a secure social media account credential manager.
- Provides encrypted storage for credentials using AES-256-GCM.
- Supports adding, updating, listing, validating, and removing social media accounts via multiple authentication flows (cookie, API token, QR scan).
- Includes platform adapter framework for extensibility and custom platform support.
- Features automated health checks, session refresh, and weekly audit cron jobs.
- Integrates browser fingerprint management for enhanced session modeling and automation.
- Delivers user guidance for command usage, credential import, and troubleshooting.
Metadata
Slug social-vault
Version 0.1.7
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 7
Frequently Asked Questions

What is SocialVault?

Credential manager for social platform accounts. Provides login-state acquisition, AES-256-GCM encrypted storage, scheduled health monitoring, and automatic renewal. Use when managing social media account credentials, importing cookies, checking login status, or automating... It is an AI Agent Skill for Claude Code / OpenClaw, with 272 downloads so far.

How do I install SocialVault?

Run "/install social-vault" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SocialVault free?

Yes, SocialVault is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does SocialVault support?

SocialVault is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created SocialVault?

It is built and maintained by LIU (@2019-02-18); the current version is v0.1.7.
