← Back to Skills Marketplace
蚁小二
by
yixiaoer888
· GitHub ↗
· v1.6.0
· MIT-0
165
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install yixiaoer-publish
Description
蚁小二支持 50 + 平台一键分发、多账号矩阵管理、团队协作与数据统计,适配图文、短视频等内容,覆盖全平台客户端,助力个人与企业高效运营新媒体矩阵。
Usage Guidance
This package appears to be a coherent publishing SDK, but exercise caution before installing or using it: 1) The repository/registry metadata does not list the required environment variable (YIXIAOER_API_KEY) even though the code and docs require it—ask the publisher to correct that. 2) The upload action reads local files and uploads them to service-provided pre-signed URLs: avoid passing paths to sensitive files (e.g., ~/.ssh, system configs, databases). 3) Treat YIXIAOER_API_KEY as a high-privilege credential—only provide it if you trust the remote service and the skill source (this package lists no homepage and has unknown source). 4) If possible, run the tool in a restricted environment (container or limited account) or use a service-scoped API key with minimal privileges. 5) Prefer to verify the remote API endpoint (YIXIAOER_API_URL) and examine network interactions, or request provenance (official homepage or maintainer contact) before using in production.
Capability Analysis
Type: OpenClaw Skill
Name: yixiaoer-publish
Version: 1.6.0
The skill bundle is a legitimate integration for the YiXiaoEr (蚁小二) social media management platform, designed to facilitate multi-platform content distribution. The core logic in `scripts/api.ts` acts as a transparent wrapper for the official API (yixiaoer.cn), handling authentication via environment variables and providing utility functions for media uploads and account management. While the script has the capability to read local files for uploading purposes, this behavior is explicitly documented and aligned with the tool's stated purpose of publishing media. No evidence of malicious intent, data exfiltration to unauthorized domains, or obfuscation was found.
Capability Assessment
Purpose & Capability
Name, description, docs, and scripts/api.ts consistently implement a social-media multi-platform publishing helper; the requested operations (query accounts, upload resources, publish tasks) align with the stated purpose. However, the skill's registry metadata declares no required environment variables or primary credential while both SKILL.md and scripts/api.ts clearly require YIXIAOER_API_KEY (and optionally YIXIAOER_API_URL). That metadata omission is inconsistent and reduces transparency.
Instruction Scope
SKILL.md instructs the agent to call scripts/api.ts with a --payload JSON; the code will (a) call the remote API with an Authorization header derived from YIXIAOER_API_KEY, (b) fetch remote URLs, and (c) read local files for upload. Those behaviors are expected for a publisher but expand the skill's runtime surface: running upload action will read arbitrary local file paths provided in payloads and PUT their contents to pre-signed service URLs returned by the remote API. The instructions do not restrict which local paths to use, so a maliciously crafted payload (or careless use) could cause unintended local file disclosure.
Install Mechanism
No install spec or external downloads are present; the skill is instruction-plus-source only. There are no brew/npm/extract installs or third-party URL downloads in the package.
Credentials
The code legitimately needs an API key (YIXIAOER_API_KEY) and optionally YIXIAOER_API_URL; those are proportionate to the service integration. But the package metadata declares no required env vars or primary credential, which is a transparency issue. Also note that the API key grants the skill ability to perform account queries, uploads, updates, and publishes on the remote service, so the key should be treated as a high-sensitivity secret.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system settings. It will only act when invoked (user-invocable / agent invocation allowed by default). There is no evidence of attempts to persist beyond its own code files.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install yixiaoer-publish - After installation, invoke the skill by name or use
/yixiaoer-publish - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.6.0
Initial release of yixiaoer-publish skill.
- 支持 50+ 平台一键分发,覆盖图文、短视频等多媒体内容。
- 提供多账号矩阵管理、团队协作与数据统计功能。
- 采用 DTO 驱动的 API 调用方式,接口参数严格文档化,统一通过 api.ts 脚本执行。
- 资源上传、账号、内容发布、分析统计等能力统一指令入口。
- 平台名称、资源格式等均需严格遵守官方定义和数据规范。
- 内置敏感信息管理,支持云发布(publishChannel: cloud)。
Metadata
Frequently Asked Questions
What is 蚁小二?
蚁小二支持 50 + 平台一键分发、多账号矩阵管理、团队协作与数据统计,适配图文、短视频等内容,覆盖全平台客户端,助力个人与企业高效运营新媒体矩阵。 It is an AI Agent Skill for Claude Code / OpenClaw, with 165 downloads so far.
How do I install 蚁小二?
Run "/install yixiaoer-publish" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 蚁小二 free?
Yes, 蚁小二 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 蚁小二 support?
蚁小二 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 蚁小二?
It is built and maintained by yixiaoer888 (@yixiaoer888); the current version is v1.6.0.
More Skills