← 返回 Skills 市场
anson125chen

SocialPost Auto

作者 anson125chen · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
138
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install socialpost-auto
功能描述
社交媒体自动化运营助手。自动生成并发布小红书、微博、Twitter 内容,定时发送、互动回复。
安全使用建议
Do not supply platform credentials or a 'license_key' until the developer clarifies how the code uses them. Specific concerns to address before installing: (1) Ask the author why the registry lists no required credentials but SKILL.md instructs you to add them; (2) Verify whether post.py actually performs authenticated HTTP calls to platform APIs (the current functions only print); (3) Confirm which dependencies are required (post.py imports requests) and whether the package.json Node file is accidental; (4) If you must test, run the code in an isolated environment (container or VM) without real credentials and inspect network activity; (5) Prefer only adding minimal-scoped tokens or per-account API keys and revoke them after testing. Because of the mismatches between documentation, manifest, and code, treat this skill as untrusted until the developer provides a clear, consistent explanation and a version that actually implements secure credential handling.
功能分析
Type: OpenClaw Skill Name: socialpost-auto Version: 1.0.0 The skill bundle is a social media automation tool designed to schedule and publish content to platforms like Twitter, Weibo, and Xiaohongshu. The core logic in `scripts/post.py` manages a local task queue in a JSON file and provides placeholders for platform API integrations. While the tool requires sensitive credentials (API keys and session cookies) to be stored in the OpenClaw configuration file, there is no evidence of data exfiltration, unauthorized execution, or malicious prompt injection in `SKILL.md` or the Python scripts.
能力评估
Purpose & Capability
SKILL.md and README say the skill needs a license key and platform credentials (Twitter API keys, Weibo token, Xiaohongshu cookie) and will post/schedule/auto-reply. The declared registry requirements list no env vars or credentials. The included Python script contains stubbed post_* functions that only print instead of using credentials or calling APIs. This mismatch (promised network posting vs. no real API calls and no declared credential requirements) is incoherent.
Instruction Scope
Runtime instructions tell the agent/user to add a license_key and platform credentials to ~/.openclaw/openclaw.json and optionally enable cron jobs and auto-reply behavior. The actual script does not read that config or use those credentials, so the instructions ask for sensitive data that the shipped code does not appear to need — a red flag. Instructions also direct installing cron jobs to run the script periodically (writing/reading tasks.json under the user's workspace).
Install Mechanism
There is no install spec (instruction-only) which is lower risk. However package.json (Node) exists while the runtime is a Python script that imports the 'requests' library — no Python dependency declaration is provided. That mismatch could lead users to run code without the expected environment or to manually install dependencies; it's sloppy and worth attention but not directly malicious.
Credentials
SKILL.md asks users to store a license_key and multiple platform credentials in ~/.openclaw/openclaw.json, which is reasonable for a posting skill — but the registry metadata claims no required env/config. Requiring a license key and platform secrets without declaring them in the registry is inconsistent and could lead to users placing sensitive tokens where other skills or processes can access them. Also the script does not actually read those credentials, so it's unclear why they would be requested.
Persistence & Privilege
The skill does not request always:true or system-wide privileges. It writes its own tasks.json under ~/.openclaw/workspace/skills/socialpost-auto/data and suggests cron scheduling — normal for a scheduler. It does not modify other skills or system-wide configs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install socialpost-auto
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /socialpost-auto 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: support Twitter, Xiaohongshu, Weibo auto posting. Scheduled posts and auto reply.
元数据
Slug socialpost-auto
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

SocialPost Auto 是什么?

社交媒体自动化运营助手。自动生成并发布小红书、微博、Twitter 内容,定时发送、互动回复。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 138 次。

如何安装 SocialPost Auto?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install socialpost-auto」即可一键安装,无需额外配置。

SocialPost Auto 是免费的吗?

是的,SocialPost Auto 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

SocialPost Auto 支持哪些平台?

SocialPost Auto 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 SocialPost Auto?

由 anson125chen(@anson125chen)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论