← 返回 Skills 市场
170
总下载
0
收藏
1
当前安装
5
版本数
在 OpenClaw 中安装
/install facebookadvanced
功能描述
OpenClaw skill for posting to Facebook Pages from the terminal
使用说明 (SKILL.md)
Facebook Page Posting Skill
A command-line skill for posting to Facebook Pages via the Graph API.
Overview
This skill provides CLI commands to:
- Post text and images to Facebook Pages
- Schedule posts for later publication
- Manage scheduled posts
- Test connections and verify credentials
Installation
The skill is installed as an npm package:
npm install -g clawhub
clawhub install facebookadvanced
cd .\facebook-advanced
npm install
npm link
Or run directly from the workspace:
node C:\Users\OS\.openclaw\workspace\skills\facebook-advanced\index.js \x3Ccommand>
Usage
OPTIONAL - create facebook-config.json in the same directory as the skill:
{
"page_id": "",
"access_token":"",
"page_name": "",
}
Setup
First, configure your Facebook Page credentials:
openclaw-facebook-posting fb-post-setup \x3Cpage_id> \x3Caccess_token> [page_name]
Getting a Page Access Token:
- Go to Facebook Developer Console
- Create an app (if needed)
- Add "Graph API" product
- Generate a Page Access Token with permissions:
pages_manage_posts- Create and manage postspages_read_engagement- Read page content
Posting
Text Post:
openclaw-facebook-posting fb-post "Your message here"
Image Post:
openclaw-facebook-posting fb-post-image "Caption" "https://example.com/image.jpg"
Scheduling
Schedule a Post:
openclaw-facebook-posting fb-post-schedule "Tomorrow's post!" "2024-04-20T10:00:00Z"
List Scheduled Posts:
openclaw-facebook-posting fb-post-schedule-list
Delete Scheduled Post:
openclaw-facebook-posting fb-post-schedule-delete \x3Cpost_id>
Testing
Test Connection:
openclaw-facebook-posting fb-post-test
Show Configuration:
openclaw-facebook-posting fb-config-show
Help
openclaw-facebook-posting --help
Configuration
Configuration is stored in:
C:\Users\OS\.openclaw\workspace\facebook-config.json
Security Note: This file contains your access token. Keep it secure.
Commands Reference
| Command | Description |
|---|---|
fb-post-setup |
Configure Facebook Page credentials |
fb-post |
Post text to your Page |
fb-post-image |
Post image with caption |
fb-post-schedule |
Schedule a post for later |
fb-post-schedule-list |
List scheduled posts |
fb-post-schedule-delete |
Delete a scheduled post |
fb-post-test |
Test connection and permissions |
fb-config-show |
Show current configuration |
--help |
Show help message |
Troubleshooting
Common Issues
Invalid Access Token:
- Token expired. Generate a new one and re-run setup.
- Check token permissions.
Page Not Found:
- Verify page_id is correct.
- Ensure token has access to the page.
Permission Denied:
- Token needs
pages_manage_postspermission. - Re-generate token with correct permissions.
API References
Security Considerations
- Access tokens are stored in plain text in the config file
- Do not share your config file
- Revoke tokens when no longer needed
- Use environment variables for sensitive data in production
Development
Project Structure
example-posting/
├── index.js # Main CLI entry point
├── package.json # npm package config
├── README.md # User documentation
├── SKILL.md # Skill documentation
├── commands/
│ ├── setup.js # Configuration setup
│ ├── post.js # Text posting
│ ├── post-image.js # Image posting
│ ├── post-schedule.js # Schedule posts
│ ├── post-schedule-list.js # List scheduled posts
│ ├── post-schedule-delete.js # Delete scheduled posts
│ ├── post-test.js # Connection testing
│ ├── config-show.js # Show configuration
│ └── help.js # Help message
└── facebook-config.json # User configuration (created on setup)
Adding New Commands
- Create a new file in
commands/directory - Export a function that handles the command logic
- Add the command to
index.jscommands mapping - Update
help.jswith documentation
Testing
# Test connection
node commands/post-test.js
# Test specific command
node commands/post.js "Test message"
License
MIT
安全使用建议
What to check before installing or running this skill:
- Do not paste your Page access token into a public place. The skill stores the token unencrypted in a JSON file in your OpenClaw workspace (facebook-posting.json per the code, but SKILL.md refers to facebook-config.json and a Windows path). Clarify which file the tool will actually read/write and secure that file (restrict filesystem permissions) or use environment variables instead.
- The README and code disagree on filenames and CLI names. Confirm which filename the installed package will use (facebook-posting.json vs facebook-config.json) and where it will be written. If you follow the README but the code reads a different path, your token may be left in an unexpected location.
- Review package.json and any npm install hooks before running npm install -g or linking the package. Because the registry metadata did not include an automated install spec, running npm will actually execute whatever is in package.json (postinstall scripts could be present in the omitted files).
- The code only talks to graph.facebook.com, which is expected. Still, because some files were truncated in the provided dump, provide the remaining files (full package.json and any omitted scripts) for a full review — the current judgment assumes the omitted files don't contain unexpected network endpoints or obfuscated code.
- Prefer using short-lived tokens or environment variables (and platform secrets storage) rather than plaintext files. If you must use a file, set restrictive file permissions and remove tokens when not needed.
- If you want to proceed: run the tool in a sandbox or throwaway account first to confirm behavior, and verify that test-post/deletion behavior is acceptable (the test command creates and attempts to delete a post).
What would change this assessment to 'benign':
- SKILL.md fixed to match the actual config filename/path and CLI names, no postinstall hooks in package.json, and explicit guidance to use environment-based secrets or encrypted storage. Also provide the omitted files for review showing no other network targets or obfuscated code.
What would increase severity to 'malicious':
- Discovery of postinstall scripts or other omitted files that contact non-Facebook endpoints, exfiltrate the access token, or contain obfuscated code. If you want, provide the remaining files (complete package.json and the omitted JS files) and I will re-scan them.
功能分析
Type: OpenClaw Skill
Name: facebookadvanced
Version: 1.0.4
The skill bundle exhibits significant code redundancy and conflicting implementations, suggesting a poorly vetted or improperly assembled package. It contains two sets of overlapping commands (e.g., 'post.js' vs 'fb-post.js') that use different configuration filenames ('facebook-config.json' vs 'facebook-posting.json'). A critical security vulnerability exists in 'commands/post.js', which explicitly logs the full Facebook 'access_token' to the console via debug statements. Furthermore, many scripts in the bundle depend on the 'commander' package, which is not declared in the 'package.json' dependencies, and the documentation contains hardcoded Windows file paths (e.g., C:\Users\OS\...), indicating the bundle was likely captured from a specific local environment without sanitization.
能力标签
能力评估
Purpose & Capability
The name/description match the code: the JavaScript files implement posting, scheduling, listing drafts, and test flows against graph.facebook.com. Requested capabilities (posting, scheduling, deleting) are coherent with a Facebook Pages posting skill. However, the SKILL.md and code disagree about config filenames and CLI names (SKILL.md references facebook-config.json and a Windows path, many code files read/write facebook-posting.json in the user workspace), which is inconsistent and could confuse users.
Instruction Scope
SKILL.md instructs users to place a facebook-config.json in the skill directory or shows a Windows hard-coded path (C:\Users\OS\.openclaw\workspace\facebook-config.json), but most code reads/writes facebook-posting.json from the OpenClaw workspace (resolved from HOME/USERPROFILE or OPENCLAW_WORKSPACE). CLI binary names also differ between docs and code (e.g., 'openclaw-facebook-posting' vs 'openclaw fb-post-*'). The README also explicitly warns that access tokens are stored in plain text; the code persists the token to disk without encryption. These mismatches are scope/integration errors that could cause accidental token exposure or misconfiguration.
Install Mechanism
Registry metadata lists no install spec (instruction-only), but the package includes many code files (index.js, commands/*.js, package.json). There's no provided installation script in the registry metadata — the SKILL.md suggests npm global install and linking. Because there's no automated install spec, nothing will be dropped by the platform automatically, but installing the package with npm (per the README) will write files to the environment; verify package.json and postinstall hooks before running npm install.
Credentials
The skill declares no required environment variables or primary credential, and it asks the user to supply a Facebook Page access token via the CLI (reasonable). It stores the access token in a plaintext JSON file in the user's workspace (facebook-posting.json), which is explicitly called out in the SKILL.md. The code also respects OPENCLAW_WORKSPACE if set, but that env var is not declared in metadata. Storing long-lived tokens in plaintext is disproportionate risk if users don't secure the workspace. There are no other unrelated credentials requested.
Persistence & Privilege
The skill does not request always:true or any elevated platform privileges. It does write a config file to the user workspace (normal for a CLI tool). The skill can be invoked autonomously by the agent (platform default), but that is not an additional red flag here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install facebookadvanced - 安装完成后,直接呼叫该 Skill 的名称或使用
/facebookadvanced触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
- Documentation in SKILL.md reformatted for clarity; no functional changes to skill features.
- No changes to commands or behavior—update only impacts documentation.
v1.0.3
OpenClaw skill for posting to Facebook Pages from the terminal to post text and images, schedule and manage posts on Facebook Pages via the Graph API using configured page credentials.
v1.0.2
**Initial public release of example-posting skill.**
- Added CLI commands for posting text and images to Facebook Pages, including scheduling and post management.
- Implements configuration setup, show config, and connection test commands.
- Provides help and usage documentation via the `help` command.
- Supports deleting posts and scheduled/deferred posts.
- Organizes commands in a modular structure for easy extension.
v1.0.1
- Added _meta.json file for skill metadata.
- No changes to commands or functionality.
v1.0.0
Initial release of the Facebook Posting skill for OpenClaw.
- Provides a complete CLI for posting, scheduling, and managing Facebook Page content from the terminal.
- Supports immediate posts, image posts, scheduled posts, drafts, and deletions.
- Includes setup, configuration, post listing, and connection testing commands.
- Outputs post/schedule IDs and detailed troubleshooting steps for common Facebook API errors.
- Implements safety checks for destructive actions and best practices for token and privacy security.
元数据
常见问题
Facebookadvanced 是什么?
OpenClaw skill for posting to Facebook Pages from the terminal. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 170 次。
如何安装 Facebookadvanced?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install facebookadvanced」即可一键安装,无需额外配置。
Facebookadvanced 是免费的吗?
是的,Facebookadvanced 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Facebookadvanced 支持哪些平台?
Facebookadvanced 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Facebookadvanced?
由 phuongsky(@phuongsky)开发并维护,当前版本 v1.0.4。
推荐 Skills