← 返回 Skills 市场
262
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install cnblogs-publisher
功能描述
Manage CNBlogs (博客园) articles via MetaWeblog API. Supports save drafts, publish, update, and delete posts.
使用说明 (SKILL.md)
CNBlogs Publisher Skill
通过 MetaWeblog API 管理博客园(CNBlogs)文章的 OpenClaw Skill。
功能特性
- ✅ 保存草稿 - 快速创建文章草稿
- 📋 文章管理 - 获取列表、查看详情
- ✏️ 更新修改 - 修改已有文章内容
- 🚀 一键发布 - 将草稿发布为正式文章
- 🗑️ 安全删除 - 删除文章(带确认机制)
快速开始
1. 配置环境变量
export CNBLOGS_BLOG_URL="https://rpc.cnblogs.com/metaweblog/your-blog-name"
export CNBLOGS_USERNAME="your-username"
export CNBLOGS_TOKEN="your-metaweblog-token"
获取 Token:博客园 → 设置 → 其他设置 → MetaWeblog 访问令牌
2. 保存第一篇草稿
# 创建文章
cat > mypost.md \x3C\x3C 'EOF'
# 我的第一篇文章
Hello,这是我的第一篇博客!
EOF
# 保存到草稿箱
python scripts/save_draft.py "我的第一篇文章" "mypost.md" "随笔"
3. 发布文章
# 使用上一步返回的文章 ID
python scripts/publish.py 12345678
所有命令
| 命令 | 功能 | 示例 |
|---|---|---|
get_blog_info.py |
获取博客信息 | python scripts/get_blog_info.py |
list_drafts.py |
获取文章列表 | python scripts/list_drafts.py |
get_post.py |
获取单篇文章 | python scripts/get_post.py 12345 |
save_draft.py |
保存草稿 | python scripts/save_draft.py "标题" "file.md" "分类" |
update_draft.py |
更新草稿 | python scripts/update_draft.py 12345 "file.md" "分类" |
publish.py |
发布文章 | python scripts/publish.py 12345 |
delete_post.py |
删除文章 | python scripts/delete_post.py 12345 |
完整文档
详细文档、API 参考、故障排除请访问: https://github.com/suversal/cnblogs-publisher/blob/main/README.md
技术栈
- Python 3.7+
- MetaWeblog API
- xmlrpc.client
许可证
MIT License
作者: suversal
仓库: https://github.com/suversal/cnblogs-publisher
版本: 1.0.0
安全使用建议
This skill appears to implement exactly what it claims (CNBlogs MetaWeblog operations), but there are a few issues you should address before installing or running it:
1) Metadata vs. behavior: The skill metadata does not declare required environment variables, but the scripts need CNBLOGS_BLOG_URL, CNBLOGS_USERNAME and CNBLOGS_TOKEN. Treat these as required secrets and do not leave them unset. Prefer the metadata be corrected to list required env vars.
2) Secrets in the repo: tests/test_all.sh includes an exported CNBLOGS_TOKEN-like value and a local path — this may be a leaked credential or a placeholder that looks real. Do not assume that value is safe; remove or rotate any real token embedded in the package before use.
3) TLS verification: The scripts disable SSL verification. This can expose your token and data to man-in-the-middle attacks. Prefer enabling proper certificate verification or only use the scripts against trusted endpoints; modify CustomTransport to use default SSL verification where possible.
4) Hardcoded defaults: Several scripts include default BLOG_URL/USERNAME/blogid values. Make sure you explicitly set your environment variables (do not rely on defaults) so the scripts don't accidentally act against a different account.
5) Token storage best practices: The SKILL.md suggests adding exports to ~/.zshrc; that's convenient but exposes the token to any local process that can read that file. Consider more secure storage (e.g., OS secret store or ephemeral env vars) and avoid committing tokens into dotfiles or the repository.
6) Audit before running: Inspect and, if necessary, remove test files that contain secrets. Run scripts in a controlled environment first, and verify that network endpoints contacted are only your CNBlogs MetaWeblog URL(s). If you need help hardening the scripts (re-enable SSL verification, remove defaults), update them before use.
功能分析
Type: OpenClaw Skill
Name: cnblogs-publisher
Version: 1.0.1
The skill bundle provides legitimate functionality for managing CNBlogs articles via the MetaWeblog API, but contains several security vulnerabilities. Multiple scripts (e.g., delete_post.py, save_draft.py, publish.py) explicitly disable SSL certificate verification using ssl._create_unverified_context(), which exposes the user to Man-In-The-Middle (MITM) attacks. Additionally, the test script tests/test_all.sh contains hardcoded credentials, including a MetaWeblog access token and username. While these appear to be developer oversights rather than intentional malice, the lack of input sanitization and weak transport security meet the criteria for a suspicious classification.
能力评估
Purpose & Capability
Name/description, SKILL.md and the Python scripts all align: they implement MetaWeblog operations for CNBlogs (list, save, update, publish, delete). However registry metadata declares no required environment variables or primary credential while both SKILL.md and the scripts expect CNBLOGS_BLOG_URL, CNBLOGS_USERNAME and CNBLOGS_TOKEN — this mismatch is incoherent and should be fixed.
Instruction Scope
Instructions ask the user to export CNBLOGS_BLOG_URL, CNBLOGS_USERNAME and CNBLOGS_TOKEN and run the included scripts — that's within expected scope. Concerns: (1) the scripts create an SSL context that disables verification (ssl._create_unverified_context()), which weakens TLS protections; (2) test/test_all.sh contains explicit environment exports including a long token value and an absolute user path (indicative of a leaked credential/example that could be sensitive); (3) many scripts include hardcoded default BLOG_URL/USERNAME/blogid values, so if env vars are unset they may attempt to contact those defaults unexpectedly.
Install Mechanism
No install spec; the package is instruction-plus-scripts and does not download or install remote code at install-time — this is lower risk.
Credentials
The skill legitimately requires a CNBlogs MetaWeblog token and username, but the registry metadata does not declare any required env vars. That omission is inconsistent. Additionally, a test script in the repo contains a long token-like string exported as CNBLOGS_TOKEN — embedding tokens in repository files is a sensitive issue and not appropriate for published packages.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system privileges. It suggests adding env exports to shell rc files in documentation (which is user action, not automatic). The skill does not attempt to modify other skills or system settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install cnblogs-publisher - 安装完成后,直接呼叫该 Skill 的名称或使用
/cnblogs-publisher触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Expanded feature descriptions and reorganized documentation for improved clarity and onboarding.
- Added environment variable setup details for full MetaWeblog API configuration.
- Provided step-by-step quick-start guide with code examples.
- Included a command reference table listing all script functionalities.
- Linked to full documentation and repository for further information.
v1.0.0
Initial release of cnblogs-publisher.
- Manage CNBlogs articles via MetaWeblog API.
- Features: save drafts, get article list/single article, update drafts, publish, and delete posts.
- Easy environment variable setup for authentication.
- Includes testing script and MIT license.
元数据
常见问题
CNBlogs Publisher 是什么?
Manage CNBlogs (博客园) articles via MetaWeblog API. Supports save drafts, publish, update, and delete posts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 262 次。
如何安装 CNBlogs Publisher?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install cnblogs-publisher」即可一键安装,无需额外配置。
CNBlogs Publisher 是免费的吗?
是的,CNBlogs Publisher 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
CNBlogs Publisher 支持哪些平台?
CNBlogs Publisher 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 CNBlogs Publisher?
由 Sue(@suversal)开发并维护,当前版本 v1.0.1。
推荐 Skills