← 返回 Skills 市场
技术宣发助手
作者
Christiana
· GitHub ↗
· v1.0.0
· MIT-0
110
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install tech-write-assist
功能描述
AI技术报告社媒宣发一键生成器。输入PDF技术报告,一键生成X推文Thread、 小红书帖子(好物推荐+技术揭秘两种风格)、微信公众号文章(量子位风格), 可选AI配图生成。用法: /宣传 <pdf路径> [--platform x|xhs|wechat|all] [--no-image]
安全使用建议
This skill largely does what it claims but has two practical risks you should consider before installing:
- Undeclared image API keys: The code will look for ARK_API_KEY, REPLICATE_API_TOKEN, and OPENAI_API_KEY and, if present, will send generated image prompts (which may include text derived from your PDF) to those third-party services. The skill metadata does not declare these env vars — treat any API key you set as allowing the skill to communicate with external providers.
- Potential data leakage: If you run image generation (or forget to use --no-image), portions of the PDF content may be incorporated into prompts and uploaded. Do not use this skill with confidential or proprietary PDFs unless you review/strip sensitive content first.
- Runtime pip installs: The skill will attempt to install pdfplumber, PyMuPDF, requests, Pillow, etc., at runtime if missing. Consider running in a sandboxed environment or pre-installing these packages yourself.
Recommendations:
- If you only need copy generation, run with --no-image (or ensure no image API keys are set) so nothing is sent to external image endpoints.
- Inspect scripts/extract_pdf.py and generate_image.py locally and consider running them manually in a controlled environment first.
- If you must enable image generation, avoid supplying production API keys; use limited-scope/test keys and review the generated image_specs.json before any automatic upload.
- If handling sensitive documents, do not enable stage 4 (image generation) and consider sanitizing the PDF before use.
If you want, I can list the exact lines where env vars and external endpoints are referenced and suggest small code edits (e.g., explicit confirmation prompt before any network call, or redaction options) to reduce the risk.
功能分析
Type: OpenClaw Skill
Name: tech-write-assist
Version: 1.0.0
The 'tech-write-assist' skill bundle is a legitimate tool designed to transform technical PDF reports into social media content for platforms like X, Xiaohongshu, and WeChat. It utilizes two main Python scripts: 'extract_pdf.py' for parsing document structure and 'generate_image.py' for creating AI-generated visuals via official APIs (OpenAI, Replicate, and Volcengine Ark). While the skill requires environment variables for API keys and uses bash for script execution and dependency management, all actions are transparently documented in 'SKILL.md' and strictly align with the stated purpose. No evidence of data exfiltration, credential theft, or malicious prompt injection was found.
能力评估
Purpose & Capability
The skill's stated purpose (generate social-media copy and optional images from a PDF) matches the included templates and scripts. Image-generation code and prompts are coherent with the 'optional AI images' feature. However, the skill metadata declares no required environment variables or credentials while both the SKILL.md and generate_image.py clearly expect ARK_API_KEY, REPLICATE_API_TOKEN or OPENAI_API_KEY — an inconsistency between declared requirements and actual runtime needs.
Instruction Scope
Runtime instructions direct the agent to read arbitrary PDF files from the provided path, extract full text/images, build image prompts from that content, and (if keys available) POST those prompts to external image APIs. There is no mention of redaction, opt-in for uploading potentially sensitive content, or limiting which extracted content is sent to providers. That creates a real data‑exfiltration/privacy risk for confidential PDFs.
Install Mechanism
No formal install spec is provided (instruction-only), but SKILL.md instructs runtime pip installs via scripts/requirements.txt if pdf parsing libs are missing. Installing third‑party packages at runtime in the agent environment increases attack surface and may modify the runtime environment unexpectedly (requests, pdfplumber, PyMuPDF, Pillow). The pip source is the local requirements file (not an arbitrary remote URL), which is lower risk than fetching arbitrary archives, but still noteworthy.
Credentials
The code and SKILL.md check for and use ARK_API_KEY, REPLICATE_API_TOKEN, and OPENAI_API_KEY, yet the skill declares no required env vars/primary credential. Requiring image-provider API keys is proportionate for optional image generation, but omitting them from metadata is misleading. More importantly, those keys (if provided) will cause the skill to transmit prompts derived from the user's PDF to external services — a credential + data‑exfiltration combination that should be explicit to the installer.
Persistence & Privilege
The skill is not always-enabled and disable-model-invocation is set true (user-invocable only). It does not request system-wide config changes or modify other skills. File reads/writes are limited to user-specified PDF paths and local ./output directories as described.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tech-write-assist - 安装完成后,直接呼叫该 Skill 的名称或使用
/tech-write-assist触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
写了论文、技术报告发愁没人知道?不知道怎么宣传增大影响力?或许可以试试这款skill:AI技术报告社媒宣发一键生成器,面向多平台科技内容发布场景,首次发布。
- 输入PDF技术报告,一键生成 X 推文Thread、小红书两种风格帖子、微信公众号文章,可选AI配图,配图可调用不同生图API
- 自动处理内容提取、深度分析、差异化平台文案写作,满足多元受众
- 支持按需跳过配图,输出详细image_specs.json供后续手动生成
- 严格区分各平台内容风格,中英混用与技术术语处理按平台规范
- 全流程异常兜底,核心交付为多平台适配文案,配图为增强项
元数据
常见问题
技术宣发助手 是什么?
AI技术报告社媒宣发一键生成器。输入PDF技术报告,一键生成X推文Thread、 小红书帖子(好物推荐+技术揭秘两种风格)、微信公众号文章(量子位风格), 可选AI配图生成。用法: /宣传 <pdf路径> [--platform x|xhs|wechat|all] [--no-image]. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。
如何安装 技术宣发助手?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tech-write-assist」即可一键安装,无需额外配置。
技术宣发助手 是免费的吗?
是的,技术宣发助手 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
技术宣发助手 支持哪些平台?
技术宣发助手 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 技术宣发助手?
由 Christiana(@christianashannon)开发并维护,当前版本 v1.0.0。
推荐 Skills