← 返回 Skills 市场

Follow

Name: Follow
Author: ivangdavila

作者 Iván · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

765

总下载

当前安装

版本数

在 OpenClaw 中安装

/install follow

功能描述

Monitor content from people, topics, and sources across platforms with smart filtering, tiered alerts, and searchable archives.

使用说明 (SKILL.md)

Workspace

~/follow/
├── sources/           # One file per followed entity
│   ├── people/        # @naval.md, @dhh.md
│   ├── topics/        # ai-safety.md, rust.md
│   └── feeds/         # techcrunch.md, hn-frontpage.md
├── archive/           # Captured content by date
│   └── YYYY-MM/
├── alerts.md          # Alert configuration
└── index.md           # Quick status: what's being followed

Quick Reference

Task	Load
Add/configure sources	`sources.md`
Set up filtering rules	`filtering.md`
Configure alert tiers	`alerts.md`
Query archived content	`querying.md`
Platform-specific setup	`platforms.md`

Core Loop

Add source: User names person/topic/feed → create tracking file
Monitor: Check sources on schedule (cron) or on-demand
Filter: Apply relevance rules, skip noise
Store: Archive what matters (summaries, not full dumps)
Alert: Notify based on tier (immediate/daily/weekly/passive)
Query: Answer "what did X say about Y?" from archive

Common Patterns

User says	Agent does
"Follow @naval on Twitter"	Create `sources/people/naval.md`, configure Twitter monitoring
"Track AI safety discussions"	Create topic tracker with keywords across multiple sources
"What has Competitor X posted this week?"	Query archive, synthesize summary
"Alert me immediately when Y happens"	Add to high-priority tier in `alerts.md`
"Give me a weekly digest of everything"	Configure weekly summary in alerts
"Stop following X"	Archive and mark inactive

Capture Principles

Summaries over full content — save space, stay legal
Links + timestamps always — retrievable later
Context for why it matters — not just "X posted"
Deduplicate across sources — same news from 5 places = 1 entry

安全使用建议

This skill's documentation describes monitoring many platforms, scraping fallbacks, downloading videos (yt-dlp), transcribing, and writing an archive in ~/follow — but the package declares no binaries, installs, or credentials. Before installing or trusting this: - Ask the author to clarify required binaries (e.g., yt-dlp, ffmpeg), third-party services, and exact install steps. - Confirm what credentials are needed for each platform and insist they be declared (and limited to read-only tokens where possible). Do not hand over full account passwords; prefer per-service API tokens with minimum scopes. - Decide whether you permit scraping or storing paywalled/private content; get a retention/encryption policy for the archive (~follow). - If the agent will schedule cron jobs or write files, confirm where those run (your machine, a hosted agent) and what permissions they have. - Test first with non-sensitive, public sources and a small follow list to observe behavior. Given the mismatches, treat this skill as untrusted until the missing operational details and credential requirements are clarified.

功能分析

Type: OpenClaw Skill Name: follow Version: 1.0.0 The skill bundle is classified as suspicious due to its reliance on high-risk capabilities, particularly the explicit mention of executing external command-line tools like `yt-dlp` and 'Telegram export tools' (in `platforms.md`). While these are described as part of the skill's legitimate content monitoring function, they introduce a significant attack surface for potential shell injection vulnerabilities if user-provided input is not rigorously sanitized. The skill also requires extensive network access for fetching content and file system access for archiving, which, if mishandled, could lead to other security flaws. However, there is no clear evidence of intentional malicious behavior such as data exfiltration, persistence, or unauthorized remote control designed into the skill's instructions or logic.

能力评估

⚠ Purpose & Capability

The skill claims to monitor many platforms (Twitter/X, YouTube, LinkedIn, Telegram, GitHub, Substack, RSS, etc.) and to use APIs or tools (yt-dlp, Nitter scraping, RSS, GitHub API). Yet the metadata lists no required binaries, no install steps, and no required credentials. Legitimately using many of these integrations typically requires API keys, account logins, or binaries (yt-dlp, ffmpeg) — the lack of declared requirements is inconsistent with the stated purpose.

⚠ Instruction Scope

SKILL.md and companion docs instruct the agent to create files under ~/follow, run scheduled monitoring (cron) or on-demand checks, scrape or use APIs, archive captured content, and transcribe long-form media. Those instructions imply filesystem read/write, network requests to third-party services (including scraping fallbacks like Nitter), and potential handling of paywalled or account-only content (LinkedIn, Substack paywalls, private Telegram channels). The instructions do not limit or clarify what counts as acceptable scraping, what credentials are needed, or how to avoid private-data access — granting broad discretion to the agent.

ℹ Install Mechanism

This is instruction-only with no install spec, which is low-risk by itself. However, the docs explicitly mention external CLI tools/services (yt-dlp, Nitter) and monitoring approaches that normally require binaries or third-party endpoints. Because there is no install section, it's unclear whether the agent expects these tools to already exist or will attempt ad-hoc installs; that ambiguity increases operational risk.

⚠ Credentials

The skill declares no required environment variables or primary credential, yet the instructions repeatedly reference API-based access and account-bound methods (Twitter/X API, GitHub API, Telegram bots, LinkedIn login, Substack subscriptions). Requesting no credentials is disproportionate: to function as described the skill will need some tokens/accounts. This mismatch could lead either to silent failures or to ad-hoc prompts/requests for credentials at runtime — a privacy and security concern.

ℹ Persistence & Privilege

always:false (no forced persistence) and no install spec. The skill intends to create a workspace under ~/follow and schedule monitoring (cron suggested), which grants it ongoing local storage and potentially scheduled execution. That is a normal pattern for a monitoring tool but should be explicit: the skill doesn't declare cron setup steps or where scheduled jobs run, which leaves room for confusion about persistence and privilege.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install follow
安装完成后，直接呼叫该 Skill 的名称或使用 /follow 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release

元数据

Slug follow

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Follow 是什么？

Monitor content from people, topics, and sources across platforms with smart filtering, tiered alerts, and searchable archives. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 765 次。

如何安装 Follow？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install follow」即可一键安装，无需额外配置。

Follow 是免费的吗？

是的，Follow 完全免费（开源免费），可自由下载、安装和使用。

Follow 支持哪些平台？

Follow 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Follow？

由 Iván（@ivangdavila）开发并维护，当前版本 v1.0.0。