功能描述

Manage content, chats, subscribers, and earnings on the Fanvue creator platform via OAuth 2.0 API.

使用说明 (SKILL.md)

Fanvue API Skill

Name: Fanvue
Author: igorls

Integrate with the Fanvue creator platform to manage chats, posts, subscribers, earnings insights, and media content.

Prerequisites

1. Create an OAuth Application

Go to the Fanvue Developer Portal
Create a new OAuth application
Note your Client ID and Client Secret
Configure your Redirect URI (e.g., https://your-app.com/callback)

2. Environment Variables

Set these environment variables:

FANVUE_CLIENT_ID=your_client_id
FANVUE_CLIENT_SECRET=your_client_secret
FANVUE_REDIRECT_URI=https://your-app.com/callback

Authentication

Fanvue uses OAuth 2.0 with PKCE (Proof Key for Code Exchange). All API requests require:

Authorization Header: Bearer \x3Caccess_token>
API Version Header: X-Fanvue-API-Version: 2025-06-26

OAuth Scopes

Request these scopes based on your needs:

Scope	Access
`openid`	OpenID Connect authentication
`offline_access`	Refresh token support
`offline`	Offline access
`read:self`	Read authenticated user profile
`read:chat`	Read chat conversations
`write:chat`	Send messages, update chats
`read:post`	Read posts
`write:post`	Create posts
`read:creator`	Read subscriber/follower data
`read:media`	Read media vault
`write:tracking_links`	Manage campaign links
`read:insights`	Read earnings/analytics (creator accounts)
`read:subscribers`	Read subscriber lists (creator accounts)

Note: Some endpoints (subscribers, insights, earnings) require a creator account and may need additional scopes not listed in the public documentation.

Quick Auth Flow

import { randomBytes, createHash } from 'crypto';

// 1. Generate PKCE parameters
const codeVerifier = randomBytes(32).toString('base64url');
const codeChallenge = createHash('sha256')
  .update(codeVerifier)
  .digest('base64url');

// 2. Build authorization URL
const authUrl = new URL('https://auth.fanvue.com/oauth2/auth');
authUrl.searchParams.set('client_id', process.env.FANVUE_CLIENT_ID);
authUrl.searchParams.set('redirect_uri', process.env.FANVUE_REDIRECT_URI);
authUrl.searchParams.set('response_type', 'code');
authUrl.searchParams.set('scope', 'openid offline_access read:self read:chat write:chat read:post');
authUrl.searchParams.set('state', randomBytes(32).toString('hex'));
authUrl.searchParams.set('code_challenge', codeChallenge);
authUrl.searchParams.set('code_challenge_method', 'S256');

// Redirect user to: authUrl.toString()

// 3. Exchange authorization code for tokens
const tokenResponse = await fetch('https://auth.fanvue.com/oauth2/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: process.env.FANVUE_CLIENT_ID,
    client_secret: process.env.FANVUE_CLIENT_SECRET,
    code: authorizationCode,
    redirect_uri: process.env.FANVUE_REDIRECT_URI,
    code_verifier: codeVerifier,
  }),
});

const tokens = await tokenResponse.json();
// tokens.access_token, tokens.refresh_token

API Base URL

All API requests go to: https://api.fanvue.com

Standard Request Headers

const headers = {
  'Authorization': `Bearer ${accessToken}`,
  'X-Fanvue-API-Version': '2025-06-26',
  'Content-Type': 'application/json',
};

Agent Automation

These workflows are designed for AI agents automating Fanvue creator accounts.

Accessing Images (with Signed URLs)

The basic /media endpoint only returns metadata. To get actual viewable URLs, use the variants query parameter:

// Step 1: List all media
const list = await fetch('https://api.fanvue.com/media', { headers });
const { data } = await list.json();

// Step 2: Get signed URLs for a specific media item
const media = await fetch(
  `https://api.fanvue.com/media/${uuid}?variants=main,thumbnail,blurred`, 
  { headers }
);
const { variants } = await media.json();

// variants = [
//   { variantType: 'main', url: 'https://media.fanvue.com/private/...' },
//   { variantType: 'thumbnail', url: '...' },
//   { variantType: 'blurred', url: '...' }
// ]

Variant Types:

main - Full resolution original
thumbnail - Optimized preview (smaller)
blurred - Censored version for teasers

Creating a Post with Media

// Step 1: Have existing media UUIDs from vault
const mediaIds = ['media-uuid-1', 'media-uuid-2'];

// Step 2: Create post
const response = await fetch('https://api.fanvue.com/posts', {
  method: 'POST',
  headers,
  body: JSON.stringify({
    text: 'Check out my new content! 🔥',
    mediaIds,
    audience: 'subscribers',  // or 'followers-and-subscribers'
    // Optional:
    price: null,              // Set for pay-per-view
    publishAt: null,          // Set for scheduled posts
  }),
});

Audience Options:

Value	Who Can See
`subscribers`	Paid subscribers only
`followers-and-subscribers`	Both free followers and subscribers

Sending Messages with Media

// Get subscriber list for decision making
const subs = await fetch('https://api.fanvue.com/creators/list-subscribers', { headers });
const { data: subscribers } = await subs.json();

// Get top spenders for VIP targeting
const vips = await fetch('https://api.fanvue.com/insights/get-top-spenders', { headers });
const { data: topSpenders } = await vips.json();

// Send personalized message with media
await fetch('https://api.fanvue.com/chat-messages', {
  method: 'POST',
  headers,
  body: JSON.stringify({
    recipientUuid: subscribers[0].userUuid,
    content: 'Thanks for being a subscriber! Here\'s something special for you 💕',
    mediaIds: ['vault-media-uuid'],  // Attach media from vault
  }),
});

// Or send to multiple subscribers at once
await fetch('https://api.fanvue.com/chat-messages/mass', {
  method: 'POST',
  headers,
  body: JSON.stringify({
    recipientUuids: subscribers.map(s => s.userUuid),
    content: 'New exclusive content just dropped! 🎉',
    mediaIds: ['vault-media-uuid'],
  }),
});

Agent Decision Context

For effective automation, gather this context:

interface AutomationContext {
  // Current media in vault
  media: {
    uuid: string;
    name: string;
    type: 'image' | 'video';
    description: string;  // AI-generated caption
    signedUrl: string;    // From variants query
  }[];
  
  // Audience data
  subscribers: {
    uuid: string;
    name: string;
    subscribedAt: string;
    tier: string;
  }[];
  
  // Engagement signals
  topSpenders: {
    uuid: string;
    totalSpent: number;
  }[];
  
  // Recent earnings for trend analysis
  earnings: {
    period: string;
    total: number;
    breakdown: { type: string; amount: number }[];
  };
}

Core Operations

Get Current User

const response = await fetch('https://api.fanvue.com/users/me', { headers });
const user = await response.json();

List Chats

const response = await fetch('https://api.fanvue.com/chats', { headers });
const { data, pagination } = await response.json();

Send a Message

const response = await fetch('https://api.fanvue.com/chat-messages', {
  method: 'POST',
  headers,
  body: JSON.stringify({
    recipientUuid: 'user-uuid-here',
    content: 'Hello! Thanks for subscribing!',
  }),
});

Create a Post

const response = await fetch('https://api.fanvue.com/posts', {
  method: 'POST',
  headers,
  body: JSON.stringify({
    content: 'New content available!',
    // Add media IDs, pricing, etc.
  }),
});

Get Earnings

const response = await fetch('https://api.fanvue.com/insights/get-earnings', { headers });
const earnings = await response.json();

List Subscribers

const response = await fetch('https://api.fanvue.com/creators/list-subscribers', { headers });
const { data } = await response.json();

API Reference

See api-reference.md for the complete endpoint documentation.

Token Refresh

Access tokens expire. Use the refresh token to get new ones:

const response = await fetch('https://auth.fanvue.com/oauth2/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: new URLSearchParams({
    grant_type: 'refresh_token',
    client_id: process.env.FANVUE_CLIENT_ID,
    client_secret: process.env.FANVUE_CLIENT_SECRET,
    refresh_token: currentRefreshToken,
  }),
});

const newTokens = await response.json();

Error Handling

Common HTTP status codes:

Status	Meaning
`200`	Success
`400`	Bad request - check your parameters
`401`	Unauthorized - token expired or invalid
`403`	Forbidden - missing required scope
`404`	Resource not found
`429`	Rate limited - slow down requests

Resources

安全使用建议

What to check before installing/using this skill: - Provenance: the skill's source/homepage is missing and the owner id is unfamiliar. Prefer skills with a documented homepage or known publisher. Ask the publisher for a repository or contact info. - Metadata mismatch: the registry lists no required env vars, but SKILL.md and examples require FANVUE_CLIENT_ID, FANVUE_CLIENT_SECRET, and FANVUE_REDIRECT_URI. Confirm with the publisher why the manifest omits these and ensure the platform will prompt you to supply them securely. - Least privilege: only grant the OAuth scopes the agent truly needs. Scopes like offline_access (refresh tokens), read:subscribers, read:insights and write:* give broad access (read earnings/subscribers and create posts/messages). If you don't want the agent to send messages or post automatically, omit write scopes. - Credential handling: the examples use client_secret and exchange/refresh flows. Ensure the environment storing these secrets is secure and that tokens/refresh tokens are not logged or exported. Prefer confidential client flows when possible. - Autonomous actions: with valid tokens the skill can act on your account (post content, message subscribers, view earnings). If you will allow autonomous invocation, be comfortable that those actions are acceptable. Otherwise disable autonomous invocation or limit scopes. - Verify redirect/callback: when creating the OAuth app, set a redirect URI you control and verify the auth flow before handing over tokens. If you cannot verify the publisher or correct the metadata mismatch, treat the skill as untrusted and do not provide your Fanvue client secret or long-lived tokens.

功能分析

Type: OpenClaw Skill Name: fanvue Version: 1.0.0 The skill bundle is benign. All code and documentation align with the stated purpose of managing content, chats, subscribers, and earnings on the Fanvue creator platform. Network calls are exclusively directed to legitimate Fanvue domains (auth.fanvue.com, api.fanvue.com). The skill correctly handles OAuth 2.0 with PKCE, requiring standard environment variables (FANVUE_CLIENT_ID, FANVUE_CLIENT_SECRET, FANVUE_REDIRECT_URI). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts in SKILL.md or api-reference.md that would instruct an AI agent to perform unauthorized or harmful actions.

能力评估

ℹ Purpose & Capability

Name/description, SKILL.md, api-reference and example code all consistently target Fanvue creator account management (posts, chats, media, subscribers, earnings). The requested OAuth scopes and API endpoints align with that purpose. However the registry metadata claims no required environment variables or primary credential while the SKILL.md and code explicitly require FANVUE_CLIENT_ID, FANVUE_CLIENT_SECRET, and FANVUE_REDIRECT_URI — a clear metadata mismatch.

✓ Instruction Scope

The SKILL.md instructions and included example code limit actions to Fanvue API calls (auth flow, listing media, posts, messages, insights). There are no instructions to read unrelated local files, system config, or send data to third-party endpoints beyond Fanvue auth/api domains.

✓ Install Mechanism

No install spec is present (instruction-only with example code). That minimizes install-time risk — nothing is downloaded or written by an installer. The code files are example helpers and API schemas; no build/install steps are declared.

⚠ Credentials

SKILL.md and the example code require FANVUE_CLIENT_ID, FANVUE_CLIENT_SECRET, and FANVUE_REDIRECT_URI and describe requesting sensitive OAuth scopes (offline_access, read:subscribers, read:insights, write:chat, write:post). Those are appropriate for the declared functionality, but the registry metadata incorrectly lists no required env vars/credentials. Because the skill needs confidential credentials (client secret) and will obtain access/refresh tokens that grant account-level actions (posting, messaging, reading earnings/subscriber lists), the mismatch in declared credentials is a meaningful red flag and warrants verification before granting secrets.

✓ Persistence & Privilege

The skill is not marked always:true and does not request system-level persistence. It will operate via OAuth tokens (which grant account access), and the platform default allows autonomous invocation; that is normal for a skills integration. There is no evidence the skill modifies other skills or system configs.

版本历史

v1.0.0

Fanvue skill initial release. - Integrates with Fanvue via OAuth 2.0 (PKCE) for secure authentication. - Provides guides and TypeScript snippets for managing chats, posts, media, subscribers, and earnings. - Details required OAuth scopes and request headers. - Explains media access workflow using signed URLs and media variants. - Covers core API operations: messaging, posting, audience management, and earnings retrieval. - Designed for automating creator accounts and agent workflows.

元数据

Slug fanvue

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Fanvue 是什么？

Manage content, chats, subscribers, and earnings on the Fanvue creator platform via OAuth 2.0 API. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2087 次。

如何安装 Fanvue？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install fanvue」即可一键安装，无需额外配置。

Fanvue 是免费的吗？

是的，Fanvue 完全免费（开源免费），可自由下载、安装和使用。

Fanvue 支持哪些平台？

Fanvue 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Fanvue？

由 igorls（@igorls）开发并维护，当前版本 v1.0.0。

Fanvue