← 返回 Skills 市场
yunneetoichoi

qwe

作者 Phan Văn Năng · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
212
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install qwe
功能描述
Facebook Publisher Skill (Automate Page Posts via Graph API)
安全使用建议
This skill largely does what it claims (posting to Facebook Pages), but there are several red flags you should address before running it: 1) config.validate() requires OPENAI_API_KEY and APIFY_API_TOKEN even though those services are unused — remove or understand why they are required. 2) The token helper explicitly tells you to pick a specific App ID in Graph Explorer (4348763312075291) — do not use someone else's app; generate tokens with your own app and app secret. 3) The helper prints long-lived tokens to the console and writes them to fb_tokens_output.json; remove printing and file writes or ensure you run in an isolated environment and never commit saved token files. 4) If you plan to run these scripts, run them in an isolated VM/container, review and remove any hardcoded sample values, and avoid pasting production secrets until you confirm the code has been cleaned. Given these issues, proceed only after code cleanup or further verification.
功能分析
Type: OpenClaw Skill Name: qwe Version: 1.0.0 The skill bundle is a functional toolset designed to automate Facebook Page posts via the Graph API. It includes scripts for token management (fb_token_helper.py), media uploads, and post scheduling (fb_publisher_agent.py). While the bundle handles sensitive credentials and stores them in a local file (fb_tokens_output.json) for user convenience, this behavior is documented and aligned with the stated purpose. No evidence of data exfiltration, malicious execution, or prompt injection was found.
能力评估
Purpose & Capability
The SKILL.md and code implement Facebook Page posting and token exchange, which matches the declared purpose. However config.py's validate() lists unrelated required env vars (OPENAI_API_KEY and APIFY_API_TOKEN) in addition to Facebook vars. Those services (OpenAI, Apify) are not used anywhere else in the shipped scripts, so requiring them is disproportionate and incoherent with a pure FB publisher skill.
Instruction Scope
SKILL.md instructs interactive token flow and running provided scripts, which aligns with the code. But agents/fb_token_helper.py instructs users to select a specific App ID (4348763312075291) in Graph Explorer — this encourages using an app that may not be the user's and is a red flag. The helper prints long-lived tokens to the console and writes them to a local JSON file (fb_tokens_output.json), contradicting the SKILL.md's own 'Never log tokens' guidance and increasing leak risk.
Install Mechanism
No install spec; this is an instruction-and-code-only skill. Nothing is downloaded or installed automatically, which lowers supply-chain risk.
Credentials
SKILL.md declares FB_APP_ID, FB_APP_SECRET, FB_PAGE_ID, FB_PAGE_ACCESS_TOKEN which are appropriate. But config.py also reads many other env vars (OPENAI_API_KEY, APIFY_API_TOKEN, FB_CLIENT_TOKEN, FB_USER_ACCESS_TOKEN) and its validate() will raise if OPENAI_API_KEY and APIFY_API_TOKEN are not set — these appear unrelated to Facebook posting and are disproportionate. The skill asks users to paste tokens interactively and then prints/saves them, which is unnecessary exposure of secrets.
Persistence & Privilege
The skill does not request special platform privileges and always:false. However fb_token_helper.py persists tokens to fb_tokens_output.json and suggests storing tokens in .env; both create local persistence that can be accidentally committed or accessed by other processes. The skill does not modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install qwe
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /qwe 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
qsadasd
元数据
Slug qwe
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

qwe 是什么?

Facebook Publisher Skill (Automate Page Posts via Graph API). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 212 次。

如何安装 qwe?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install qwe」即可一键安装,无需额外配置。

qwe 是免费的吗?

是的,qwe 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

qwe 支持哪些平台?

qwe 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 qwe?

由 Phan Văn Năng(@yunneetoichoi)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论