← 返回 Skills 市场
frigatebird
作者
Oceanswave
· GitHub ↗
· v1.0.0
1111
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install frigatebird
功能描述
Use the frigatebird npm package to interact with X from the CLI with bird-style command parity, posting/reply/article support, and list automation without X API keys.
使用说明 (SKILL.md)
Frigatebird Skill
Frigatebird is a Playwright-first CLI and npm package (frigatebird) that preserves bird command ergonomics while running against X via browser session cookies.
Use This Skill When
- The user asks for
bird-style CLI workflows on X. - The user needs posting/reply/article actions from CLI.
- The user needs list automation (
add,remove,batch,lists). - The user needs API-key-free browser-cookie operation.
Package and Install
- npm package:
frigatebird - Global install:
npm install -g frigatebird - Local use:
npx frigatebird \x3Ccommand>
Core Workflow
- Validate auth/session:
frigatebird checkfrigatebird whoami
- Read flows (use JSON when scripting):
frigatebird read \x3Ctweet-id-or-url> --jsonfrigatebird search "\x3Cquery>" --jsonfrigatebird home --json
- Mutation flows:
frigatebird tweet "\x3Ctext>"frigatebird reply \x3Ctweet-id-or-url> "\x3Ctext>"frigatebird article "\x3Ctitle>" "\x3Cbody>"
- List automation:
frigatebird add "\x3CList Name>" @handle1 @handle2frigatebird remove @handle "\x3CList Name>"frigatebird batch accounts.json
- For larger reads, use paging controls:
--all,--max-pages,--cursor,-n
Feature Coverage
- Posting/mutations:
tweet,post,reply,article,like,retweet,follow,unfollow,unbookmark - Read/timelines:
read,replies,thread,search,mentions,user-tweets,home,bookmarks,likes,list-timeline,news,about - Identity/health:
check,whoami,query-ids,help - List automation:
add,remove,batch,lists,list,refresh
Options That Matter Most
- Auth/cookies:
--auth-token,--ct0,--cookie-source,--chrome-profile,--firefox-profile - Determinism/testing:
--base-url,--plain,--no-color - Pagination:
-n,--all,--max-pages,--cursor,--delay - Output:
--json,--json-full - Media posting:
--media,--alt
Live E2E Notes
- Standard live mutation e2e does not run premium-feature checks by default.
- Premium-feature e2e opt-in:
npm run test:e2e:live -- --list-name \x3Cname> --enable-premium-features-e2e --article-cookie-source chrome --article-expected-handle-prefix \x3Cprefix>
Caveats
- This tool depends on X web UI selectors; selector drift can break flows.
query-idsis retained for command compatibility and does not drive Playwright execution.- Some GraphQL-specific behavior from original
birdis represented as compatibility flags in Playwright mode.
安全使用建议
This skill describes a legitimate-sounding use (controlling X via browser cookies instead of API keys), but it has transparency and provenance gaps. Before installing or running anything: 1) Do not run npm install -g frigatebird or npx frigatebird unless you trust the package source—no homepage or repo is provided here. 2) Understand that operation requires session cookies or browser profiles (ct0, cookie files, chrome/firefox profiles). Those are equivalent to account credentials—sharing them or pointing a tool at them can give full account access. 3) If you must use this flow, prefer to run the CLI in a sandboxed environment or inspect the package source code first (look up the npm package, repository, and recent maintainers). 4) Ask the skill author to declare required config paths/credentials in metadata and to provide a repository/homepage and security/privacy notes about how session tokens/cookies are read, stored, and transmitted. Without those, treat installation as risky.
功能分析
Type: OpenClaw Skill
Name: frigatebird
Version: 1.0.0
The skill bundle is classified as suspicious due to the explicit mention of capabilities to access sensitive browser data. The `SKILL.md` file details options like `--chrome-profile`, `--firefox-profile`, `--cookie-source`, `--auth-token`, and `--ct0` for the `frigatebird` tool. While these are presented as necessary for its stated purpose of 'API-key-free browser-cookie operation' with X, they grant broad access to potentially sensitive user data within browser profiles. This capability, if exploited by a malicious user prompt, could lead to unauthorized data access or exfiltration, even though the skill's instructions themselves do not explicitly command such malicious actions.
能力评估
Purpose & Capability
The name/description match the SKILL.md: this is a Playwright-based CLI that operates against X using browser session cookies rather than API keys. Asking for cookie/profile inputs is consistent with that goal. However, the skill metadata declares no config paths or credentials while the runtime instructions explicitly reference cookie and browser-profile options (e.g., --cookie-source, --chrome-profile, --ct0), so there is a transparency gap about required local access.
Instruction Scope
SKILL.md instructs installing/using the third‑party npm package (npm install -g frigatebird / npx frigatebird) and documents flags that imply reading browser cookies, profile directories, or session tokens. Although it doesn't contain explicit steps like "read ~/.config/..." the presence of --chrome-profile/--cookie-source/--ct0 flags strongly implies access to sensitive local data (cookies/session tokens). The instructions do not limit or explain how those secrets are handled, nor do they declare that you must supply or allow access to them.
Install Mechanism
There is no install spec baked into the skill (instruction-only), which lowers direct platform risk. But the SKILL.md tells users/agents to install an npm package whose source/homepage is absent from the metadata. Installing an unreviewed npm package (global or via npx) can execute arbitrary code on the host. The absence of a repository/homepage or vendored code means the package cannot be audited from this skill bundle.
Credentials
The skill declares no required env vars or config paths, yet documents flags for sensitive tokens and cookie/profile sources (e.g., --auth-token, --ct0, --cookie-source, --chrome-profile). These are highly sensitive (session cookies/tokens) and the skill does not declare that access in metadata nor describe safe handling. That mismatch means users may not realize what credentials or local files are needed or at risk.
Persistence & Privilege
The skill does not request elevated platform privileges, does not set always:true, and does not include an install script in the bundle. It doesn't ask to modify other skills or agent settings. However, because it encourages installing an external npm package, that package could request persistence at install/runtime (outside the scope of this bundle).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install frigatebird - 安装完成后,直接呼叫该 Skill 的名称或使用
/frigatebird触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the frigatebird skill for X CLI workflows.
- Enables `bird`-style command-line interaction with X using the frigatebird npm package.
- Supports posting, replying, article publishing, and list automation without X API keys.
- Offers session-based authentication via browser cookies.
- Includes robust tooling for read, mutation, and list management workflows.
- Provides essential options for authentication, pagination, and output formatting.
- Documents caveats regarding web UI selector drift and compatibility modes.
元数据
常见问题
frigatebird 是什么?
Use the frigatebird npm package to interact with X from the CLI with bird-style command parity, posting/reply/article support, and list automation without X API keys. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1111 次。
如何安装 frigatebird?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install frigatebird」即可一键安装,无需额外配置。
frigatebird 是免费的吗?
是的,frigatebird 完全免费(开源免费),可自由下载、安装和使用。
frigatebird 支持哪些平台?
frigatebird 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 frigatebird?
由 Oceanswave(@oceanswave)开发并维护,当前版本 v1.0.0。
推荐 Skills