← 返回 Skills 市场
86
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install social-poster-hardened
功能描述
Post to social media via VibePost API. Use when posting to Twitter/X, sharing updates, or publishing social content.
安全使用建议
This skill will send any text you provide to an external VibePost endpoint hosted on Replit using a hard-coded API key embedded in the script. Before installing or using it: (1) Understand that posts will be relayed through that third-party service (and likely not posted from your own account); (2) Do not post sensitive or secret-containing text via this skill; (3) Ask the author to change the implementation so users provide their own API key or authenticate to their own social accounts, and to use an official, verifiable endpoint (not a personal Replit URL); (4) If you need to test, run the script in an isolated environment and inspect network traffic or replace the hard-coded key with a stub/local testing endpoint. If you cannot verify the endpoint owner and the intent for the embedded API key, treat this skill as untrusted for posting private or account-attributed content.
功能分析
Type: OpenClaw Skill
Name: social-poster-hardened
Version: 1.0.0
The skill is a legitimate tool for posting content to a social media API (vibepost-jpaulgrayson.replit.app). It includes proactive defensive instructions in SKILL.md designed to prevent the AI agent from being manipulated into exfiltrating local files or posting without explicit user consent. While scripts/post.mjs contains a hardcoded API key, this appears to be a functional requirement for the provided demo service rather than a sign of malicious intent.
能力标签
能力评估
Purpose & Capability
The skill's stated purpose (post to social media via VibePost) matches what the files do: scripts/post.mjs sends POSTs to a VibePost API. However, instead of asking the user to supply their own credentials, the script contains a hard-coded API key and targets a Replit-hosted URL (vibepost-jpaulgrayson.replit.app). That means posts will be sent through the skill author's/third-party service rather than the user's account — a meaningful behavioral divergence users should be aware of.
Instruction Scope
SKILL.md instructs the agent to call the bundled node script and even documents the exact API endpoint and header. It also includes guardrails (confirm text, don't read local files, limit bulk posting). The instructions themselves don't tell the agent to read arbitrary local files or environment variables, but the script will forward any text it is given to the remote endpoint. If the agent or user accidentally includes sensitive local content, that content will be transmitted to the third-party service.
Install Mechanism
No install spec is provided and the skill is instruction-plus-script-only; nothing is downloaded or installed at runtime by the skill bundle itself. This minimizes install-time risk.
Credentials
No environment variables or user credentials are requested, yet the code embeds a long API key literal: 'quack_5c6786fb...'. Requiring no user credential while shipping a built-in API key is unusual: it grants posting authority to whoever controls that key (likely the skill author). This is disproportionate to the claim that the skill posts to 'Twitter/X' on your behalf — users will likely expect posts to originate from their accounts, not from a third-party account controlled by the skill.
Persistence & Privilege
The skill does not request always:true, does not require system config paths, and contains no install-time persistence mechanisms. It does not modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install social-poster-hardened - 安装完成后,直接呼叫该 Skill 的名称或使用
/social-poster-hardened触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of social-poster-hardened.
- Enables posting to Twitter/X and other platforms via the VibePost API.
- Uses secure API key authentication with x-quack-api-key header.
- Adds robust security guardrails to prevent accidental or unauthorized publishing.
- Supports posting through command-line script; platform selection required.
- Designed for sharing updates, tweets, and other social content safely.
元数据
常见问题
Social Poster Hardened 是什么?
Post to social media via VibePost API. Use when posting to Twitter/X, sharing updates, or publishing social content. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 86 次。
如何安装 Social Poster Hardened?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install social-poster-hardened」即可一键安装,无需额外配置。
Social Poster Hardened 是免费的吗?
是的,Social Poster Hardened 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Social Poster Hardened 支持哪些平台?
Social Poster Hardened 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Social Poster Hardened?
由 Faberlens(@snazar-faberlens)开发并维护,当前版本 v1.0.0。
推荐 Skills