← 返回 Skills 市场
2832
总下载
1
收藏
7
当前安装
3
版本数
在 OpenClaw 中安装
/install pinterest
功能描述
Search and browse Pinterest pins, get pin details, and send actual images to the user via Telegram/messaging. Use when the user wants to find inspiration, search for images/ideas, or browse Pinterest content. Sends images directly, not just links.
安全使用建议
This skill appears to implement Pinterest scraping and an optional OAuth-backed API, but there are a few things to check before installing:
- The code and docs reference PINTEREST_ACCESS_TOKEN but the skill metadata does not declare any required environment variables — ask the publisher to declare PINTEREST_ACCESS_TOKEN as a required credential so you know when a secret is needed.
- The included Python script will run pip install httpx at runtime (it performs a subprocess installation). That modifies the runtime environment and fetches code from PyPI; prefer an explicit install step in the manifest or vendor/lock dependencies so you can audit them before they’re installed.
- The skill uses web scraping and instructs the agent to take snapshots/screenshots and send image files directly. That behavior is consistent with the stated purpose but increases privacy and copyright risk (it pulls and transmits image content from the web). Only enable it if you trust the skill owner and you’re comfortable with the agent fetching/sending external images.
Recommendations:
1) Ask the author to update the manifest to declare PINTEREST_ACCESS_TOKEN (requires.env) and to list dependencies or provide an install spec instead of doing runtime pip installs.
2) Audit the included script (scripts/pinterest_api.py) in full before running it in a production or privileged environment.
3) If you supply an access token, use a dedicated, least-privilege token (only boards:read/pins:read if possible) and store it securely.
4) Consider limiting autonomous invocation for this skill until you’re comfortable with its behavior (or monitor its network activity).
If the publisher cannot clarify these points, treat the skill with caution or classify it as untrusted.
功能分析
Type: OpenClaw Skill
Name: pinterest
Version: 1.1.1
The skill is classified as suspicious due to the presence of risky capabilities, specifically the runtime installation of dependencies and extensive web scraping. The `scripts/pinterest_api.py` file uses `subprocess.check_call` to install the `httpx` library if it's not found, which, while for a legitimate library, represents a capability to execute arbitrary commands during runtime. Additionally, the script performs web scraping of `pinterest.com` using `httpx` and regex, involving arbitrary network requests and parsing untrusted HTML, which are inherently risky operations. While these actions are plausibly needed for the skill's stated purpose of searching and browsing Pinterest, they constitute 'risky capabilities without clear malicious intent' as per the provided guidelines.
能力评估
Purpose & Capability
The skill's name/description (search & send Pinterest images) matches the included code and instructions: it scrapes Pinterest pages, converts i.pinimg URLs to 'originals', and can use Pinterest OAuth for the official API. However the registry metadata claims no required env vars while the code and SKILL.md reference a PINTEREST_ACCESS_TOKEN for API calls (not declared), and the package is marked 'instruction-only' despite including a runnable script—this mismatch is unexpected.
Instruction Scope
SKILL.md instructs the agent to navigate Pinterest pages, snapshot/screenshot pages, extract image URLs, and send image files directly via messaging. It also documents an API path requiring an access token. The instructions access environment state (PINTEREST_ACCESS_TOKEN) that is not declared in the skill metadata, and direct the agent to perform web scraping and file-sending operations which broaden data exfiltration risk compared with a simple API-only integration.
Install Mechanism
No install spec is provided in the registry, but the included script dynamically installs the 'httpx' Python package at runtime via subprocess.check_call([python, '-m', 'pip', 'install', ...]). Dynamic pip installation executes network code and writes packages to disk at runtime; this is higher-risk than a declared, reviewed install step and should be explicit in the manifest.
Credentials
The only credential the skill needs (per code and docs) is PINTEREST_ACCESS_TOKEN for API access, which is reasonable for OAuth operations. However the skill's metadata lists no required env vars (none declared), so the required access token is not declared up-front. That omission reduces transparency and makes it easy to miss that you must provide a secret to enable API features.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and is user-invocable only by default. It does perform network requests and may install a Python package at runtime, but it does not request persistent elevated privileges in the manifest.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pinterest - 安装完成后,直接呼叫该 Skill 的名称或使用
/pinterest触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.1
Send actual images to chat, not links
v1.1.0
Send actual images to Telegram, not links. High-res URL conversion + screenshot fallback.
v1.0.0
Initial release: Search and browse Pinterest pins using browser or API
元数据
常见问题
Pinterest 是什么?
Search and browse Pinterest pins, get pin details, and send actual images to the user via Telegram/messaging. Use when the user wants to find inspiration, search for images/ideas, or browse Pinterest content. Sends images directly, not just links. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2832 次。
如何安装 Pinterest?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pinterest」即可一键安装,无需额外配置。
Pinterest 是免费的吗?
是的,Pinterest 完全免费(开源免费),可自由下载、安装和使用。
Pinterest 支持哪些平台?
Pinterest 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pinterest?
由 sam1337(@0xs4m1337)开发并维护,当前版本 v1.1.1。
推荐 Skills