← 返回 Skills 市场
Podcast to Substack
作者
danielfoch
· GitHub ↗
· v1.0.0
796
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install podcast-to-substack
功能描述
Publish podcast episodes from RSS and Notion to Substack with Apple Podcasts embeds and images, then generate LinkedIn-ready companion posts.
安全使用建议
This skill appears to implement exactly the podcast → Substack → LinkedIn workflow described, but the metadata omitted important details. Before installing or running it: 1) Confirm you'll provide a Notion API key (NOTION_API_KEY) and understand that the script will look for ~/.config/notion/api_key as a fallback. 2) Determine how Substack and LinkedIn publishing will be authenticated (this skill does not declare or implement those credentials). 3) Run the scripts in an isolated environment (container or dedicated VM) because they will download images from external URLs and may pip-install feedparser at runtime. 4) Inspect the scripts yourself (they are included) to confirm you are comfortable with network calls to Notion and arbitrary image hosts. 5) If you plan to let an agent invoke this autonomously, add explicit checks or logging for what gets published and which accounts are used. If you want me to, I can produce a checklist of the exact credentials/configuration to add to the skill metadata and a minimal wrapper to safely sandbox runtime installs and network access.
功能分析
Type: OpenClaw Skill
Name: podcast-to-substack
Version: 1.0.0
The skill bundle is suspicious primarily due to potential shell injection vulnerabilities in `SKILL.md`. The markdown instructs the AI agent to execute `python3` scripts with user-provided inputs (`$RSS_URL`, `EPISODE_NUMBER`) directly within bash commands. If the AI agent does not properly sanitize these inputs before execution, an attacker could inject arbitrary shell commands. While the Python scripts themselves do not show explicit malicious intent, this execution pattern represents a significant vulnerability. Additionally, `scripts/fetch_notion_episode.py` downloads images from external URLs and saves them to a local directory, which, while defaulting to a safe path, could pose a path traversal risk if the `--download-dir` argument were user-controlled.
能力评估
Purpose & Capability
The name/description (publish podcast episodes from RSS + Notion to Substack and generate LinkedIn posts) aligns with the included scripts: fetch_rss.py, fetch_notion_episode.py, render_linkedin_post.py, and a small shell helper for Apple Podcasts. Nothing in the code asks for unrelated cloud provider credentials or system-level access. However the skill metadata lists no required environment variables while the SKILL.md and the Notion fetcher explicitly require a NOTION_API_KEY and fallback to ~/.config/notion/api_key; Substack/LinkedIn publish access is noted as an input but not declared in the registry. That mismatch between declared requirements and actual operations is a proportionality/information gap.
Instruction Scope
The SKILL.md contains explicit, narrow runtime steps (run fetch_rss, fetch_notion_episode which recursively traverses Notion blocks and downloads images, build/publish via Substack playbook, render LinkedIn post). These steps stay within the stated publishing/cross-posting scope. Caveats: the instructions reference reading a local Notion API key file (~/.config/notion/api_key) and performing image downloads to local disk; they also leave posting/queuing LinkedIn and publishing to Substack as manual/unspecified steps (credentials/automation details for Substack/LinkedIn are not documented). The scripts will open network connections to Notion and to image URLs; this is expected but should be acknowledged.
Install Mechanism
There is no install spec (instruction-only install), so nothing is written to disk at install time beyond the included scripts. One script (fetch_rss.py) dynamically pip-installs feedparser if it's missing via subprocess.check_call; that is a runtime install behavior rather than a preinstall step. No downloads from opaque URLs or archive extraction are present.
Credentials
The registry lists no required env vars or primary credential, but the SKILL.md and fetch_notion_episode.py require a Notion API key (NOTION_API_KEY or ~/.config/notion/api_key). The skill also expects 'Substack publish access' and to be able to post/queue LinkedIn content, which implies additional credentials or OAuth tokens that are not declared. Requesting a workspace API key that grants read access to Notion pages is legitimate for the stated purpose, but the omission from metadata is a mismatch and increases risk because the platform/action gate can't surface the needed secrets to the user. Downloads of images from arbitrary URLs (present in page content) are also performed and stored locally; while expected, this means the skill will fetch external content using your system's network egress.
Persistence & Privilege
The skill does not request permanent automatic inclusion (always: false) and does not modify other skills or global agent settings. It writes files (downloaded images, created drafts) into working directories when run, which is normal for this workflow. The agent-autonomous-invocation flag is at its default; that alone is not a concern and is expected for actionable skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install podcast-to-substack - 安装完成后,直接呼叫该 Skill 的名称或使用
/podcast-to-substack触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial OpenClaw release.
元数据
常见问题
Podcast to Substack 是什么?
Publish podcast episodes from RSS and Notion to Substack with Apple Podcasts embeds and images, then generate LinkedIn-ready companion posts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 796 次。
如何安装 Podcast to Substack?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install podcast-to-substack」即可一键安装,无需额外配置。
Podcast to Substack 是免费的吗?
是的,Podcast to Substack 完全免费(开源免费),可自由下载、安装和使用。
Podcast to Substack 支持哪些平台?
Podcast to Substack 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Podcast to Substack?
由 danielfoch(@danielfoch)开发并维护,当前版本 v1.0.0。
推荐 Skills