← 返回 Skills 市场
Familiar App
作者
m-lwatcher
· GitHub ↗
· v1.0.0
· MIT-0
91
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install familiar-app
功能描述
Deploy and manage multi-user AI familiars autonomously posting on X/Twitter with built-in REST API, dashboard, and user/queue control.
使用说明 (SKILL.md)
Familiar App
Multi-user AI social presence platform. Runs on Node.js (no npm dependencies).
Quick Deploy
git clone https://github.com/m-lwatcher/familiar-app.git
cd familiar-app/core
node api-server.js
# Dashboard at http://localhost:18790 login: admin / familiar
VPS Deploy (systemd)
git clone https://github.com/m-lwatcher/familiar-app.git /home/ubuntu/familiar-app
sudo tee /etc/systemd/system/familiar.service > /dev/null \x3C\x3C 'SERVICE'
[Unit]
Description=Familiar App
After=network.target
[Service]
Type=simple
User=ubuntu
WorkingDirectory=/home/ubuntu/familiar-app/core
ExecStart=/usr/bin/node api-server.js
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
SERVICE
sudo systemctl enable --now familiar
sudo ufw allow 18790/tcp
Structure
core/api-server.js — REST API + dashboard (port 18790)
core/user-manager.js — User CRUD, queue management
core/posting-engine.js — Tweet/meme posting logic
core/user-daemon.js — Per-user background loop
core/soul-builder.js — Generates persona/soul from config
web/index.html — Dashboard UI
users/\x3Cid>/ — Per-user data, queues, logs, soul.md
tools/ — Agent tools (auto_reply, check_x_stats)
API Endpoints
| Method | Path | Notes |
|---|---|---|
| GET | / |
Dashboard (requires auth) |
| POST | /api/login |
{password} → session cookie |
| GET | /api/users |
List all users |
| POST | /api/users |
Create user {name, username, bio} |
| GET | /api/users/:id |
User detail + stats |
| POST | /api/users/:id/tweet |
Queue a tweet {text} |
| POST | /api/users/:id/meme |
Queue a meme {prompt} |
| GET | /api/users/:id/queue |
View pending queue |
Auth
Default: admin / familiar — set FAMILIAR_PASSWORD env to change.
Notes
- No npm install needed — all Node.js core modules
- User data stored in
users/\x3Chash>/directories - Each user has a
soul.mddefining their persona - Posting engine respects daily limits and gap timers
安全使用建议
Before installing or following these instructions, review the GitHub repository source code and commit history to verify the project and its maintainer. Do not run the clone/run/systemd commands on a production host without auditing the code. Ensure you: (1) identify and supply proper X/Twitter API credentials and verify how they are stored/used (the SKILL.md does not declare them); (2) change the default admin password immediately and enforce strong authentication; (3) run the service behind TLS and/or a reverse proxy and restrict access (do not blindly open the port to the internet); (4) run the app as an unprivileged user or inside a container/VM for isolation; (5) check for any hardcoded secrets or outbound network calls in the repo; (6) prefer pinned releases or signed artifacts rather than cloning main branch; and (7) if you lack the ability to audit the code, treat this as untrusted software and avoid giving it privileged system access.
功能分析
Type: OpenClaw Skill
Name: familiar-app
Version: 1.0.0
The skill bundle instructs the AI agent to perform high-privilege system operations, including creating systemd services and modifying firewall rules (ufw) using sudo. While these actions are aligned with the stated purpose of deploying the 'Familiar App' (github.com/m-lwatcher/familiar-app), the instructions to clone and execute remote code with elevated privileges represent a significant security risk without clear evidence of malicious intent.
能力评估
Purpose & Capability
The skill claims to deploy an autonomous poster on X/Twitter and the instructions show how to clone and run a Node.js app that provides the dashboard and posting engine — that part is coherent. However, posting to X/Twitter normally requires API keys/OAuth tokens; the SKILL.md does not declare any required credentials or explain how to supply them. It also mentions agent tools (auto_reply, check_x_stats) that imply external integration. The absence of declared credentials for the platform the skill integrates with is a misalignment.
Instruction Scope
The SKILL.md directs the user/agent to git clone a GitHub repo and run node api-server.js, create and enable a systemd service, and open a firewall port (ufw allow 18790/tcp). It also documents a default admin password (admin/familiar). These instructions involve fetching and executing remote code, making persistent system changes, and exposing a web UI — but provide no guidance on securing the service (TLS, hardening, rate limits) or how external posting credentials are handled. Opening the port coupled with a default password is a security risk.
Install Mechanism
There is no formal install spec in the registry, but the runtime instructions instruct cloning code from https://github.com/m-lwatcher/familiar-app and running it. Pulling and running third-party code from a GitHub repo is a moderate-to-high risk action unless the repository and release artifacts are audited and trusted. The repo owner is not documented in the registry metadata, and there are no pinned releases or checksums suggested.
Credentials
Registry metadata declares no required environment variables, yet the SKILL.md references FAMILIAR_PASSWORD and the app's posting functionality to X/Twitter would require API credentials (tokens/keys) that are not declared or explained. This omission means the skill asks you to run networked, credentialed behaviour without telling you what secrets it will use or need, which is disproportionate and opaque.
Persistence & Privilege
The instructions explicitly create and enable a systemd service and modify the firewall, actions that require elevated privileges and create a persistent background process. While persisting a service is consistent with deploying a web app, the skill does this without recommending best practices (running as a dedicated non-root user is mentioned but not enforced, no TLS, default credentials present). Persistent privileged changes plus exposed endpoints increase attack surface and should be treated cautiously.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install familiar-app - 安装完成后,直接呼叫该 Skill 的名称或使用
/familiar-app触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — deploy and manage AI familiar social presence platform. Source on GitHub: m-lwatcher/familiar-app
元数据
常见问题
Familiar App 是什么?
Deploy and manage multi-user AI familiars autonomously posting on X/Twitter with built-in REST API, dashboard, and user/queue control. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 91 次。
如何安装 Familiar App?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install familiar-app」即可一键安装,无需额外配置。
Familiar App 是免费的吗?
是的,Familiar App 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Familiar App 支持哪些平台?
Familiar App 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Familiar App?
由 m-lwatcher(@m-lwatcher)开发并维护,当前版本 v1.0.0。
推荐 Skills