← 返回 Skills 市场
psyduckler

Reddit Quote Carousel

作者 psyduckler · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
679
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install reddit-quote-carousel
功能描述
Create an Instagram carousel from a popular-picks list with Reddit quotes. Cover slide uses "clean" style with "Top CATEGORY in Destination" title. Each attr...
安全使用建议
This skill's description is plausible, but its runtime instructions assume local scripts, repository hosting, and Instagram publishing credentials that are not declared. Before installing or using it, ask the author: (1) Where does the overlay.py script come from? Provide an install or dependency manifest instead of a hard-coded /Users/psy path. (2) How will Instagram publishing and repo hosting be authenticated? The skill should explicitly declare required environment variables (Instagram token, git/CI deploy key) and request only those it needs. (3) Confirm licensing/copyright for using downloaded Instagram photos and for reprinting Reddit text; ensure proper attribution and permissions. If you proceed, test the skill in a sandboxed environment, do not provide broad credentials until you understand how they will be used, and prefer a version that documents installs and required secrets instead of relying on implicit local files.
功能分析
Type: OpenClaw Skill Name: reddit-quote-carousel Version: 1.0.0 The skill is classified as suspicious due to critical vulnerabilities. The `SKILL.md` file demonstrates a shell injection risk in Sub-agent 2, where user-controlled and scraped content (e.g., `{REDDIT_QUOTE}`, `{CATEGORY}`) is directly interpolated into `python3` command-line arguments without apparent sanitization, potentially leading to arbitrary command execution. Additionally, the `popular_picks_url` parameter in Sub-agent 1 presents a Server-Side Request Forgery (SSRF) or Local File Inclusion (LFI) risk if the `web_fetch` function is not properly restricted, allowing access to internal network resources or local files.
能力评估
Purpose & Capability
The name/description (build an Instagram carousel from Reddit quotes) is plausible, but the runtime instructions assume access to a local overlay script, to a 'tabiji' repo for hosting, and to publish-to-Instagram steps. None of those capabilities or required credentials are declared. The skill therefore asks for capabilities beyond what its metadata indicates.
Instruction Scope
SKILL.md tells the agent to fetch web pages, download candidate images, vision-score them, write a manifest to /tmp, run a hard-coded Python script at /Users/psy/.openclaw/.../overlay.py, and host/publish images in a tabiji repo and to Instagram. These instructions reference specific local filesystem paths, a repo write/publish flow, and external publish actions — all of which grant broader access than the skill's manifest shows.
Install Mechanism
There is no install spec (instruction-only), which is low-risk in itself, but the skill assumes the presence of a specific Python script in a user workspace and other tooling. That implicit dependency is not installed or declared, making the instructions non-portable and potentially failing or causing the agent to try to access unexpected local files.
Credentials
The skill declares no required environment variables or credentials, yet publishing to Instagram and hosting images in a repo normally require authentication tokens (Instagram API credentials, git credentials or CI deploy keys). The SKILL.md does not state how authentication is supplied, so secrets and access needed by the actions are missing from metadata — a proportionality mismatch.
Persistence & Privilege
always is false and the skill itself doesn't request permanent platform-level presence. However, the instructions direct writing to a code repo (img/instagram/) and running /Users/psy/... scripts — actions that could modify project state or require repository push permissions. That's a privilege/impact concern even though the skill doesn't set always:true.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install reddit-quote-carousel
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /reddit-quote-carousel 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
Slug reddit-quote-carousel
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Reddit Quote Carousel 是什么?

Create an Instagram carousel from a popular-picks list with Reddit quotes. Cover slide uses "clean" style with "Top CATEGORY in Destination" title. Each attr... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 679 次。

如何安装 Reddit Quote Carousel?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install reddit-quote-carousel」即可一键安装,无需额外配置。

Reddit Quote Carousel 是免费的吗?

是的,Reddit Quote Carousel 完全免费(开源免费),可自由下载、安装和使用。

Reddit Quote Carousel 支持哪些平台?

Reddit Quote Carousel 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Reddit Quote Carousel?

由 psyduckler(@psyduckler)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论