← 返回 Skills 市场
323
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install twitter-ai-kol-fetcher
功能描述
抓取 Twitter AI 领域 KOL 最新动态、识别热门话题、生成专业内参。触发条件:"抓取 Twitter"、"AI 领域最新动态"、"每天 AI 动态"、"写内参"、"AI 内参"。
安全使用建议
This skill aims to fetch Twitter KOL tweets and produce LLM-written intelligence reports — that purpose is coherent with calling a Twitter API and an LLM API. However: 1) The registry claims no credentials but the code needs both a Twitter API key and an OpenRouter key; treat that as a red flag until corrected. 2) scripts/01_fetch_kols.py contains a hardcoded Twitter API key — remove or rotate it and do not run code that embeds unknown credentials. 3) SKILL.md promises not to save local files and to send reports to Feishu, but the code saves JSON in /tmp and contains no Feishu-send logic; do not assume private data won’t be stored or transmitted. 4) The repository contains multiple clear coding errors (invalid import syntax referencing filenames starting with digits in scripts/main.py, undefined KOL_LIST in 01_fetch_kols.py), so the code will likely fail or behave unpredictably. Before installing or running: - Do not run on a production machine. Use an isolated environment/VM. - Inspect and remove any hardcoded credentials; supply your own keys only via environment variables or a secure config. - Fix the import/identifier bugs and add explicit, auditable Feishu/webhook code if you want automated delivery. - Decide and document what data is sent to the LLM provider (OpenRouter) — tweets and metadata will be transmitted and may be logged by that service. - Consider rotating any keys that might have been exposed if you accidentally used the embedded default key. If you cannot or will not audit and fix these issues, do not install/run this skill.
功能分析
Type: OpenClaw Skill
Name: twitter-ai-kol-fetcher
Version: 1.0.1
The skill bundle contains a hardcoded API key for the twitterapi.io service within `scripts/01_fetch_kols.py`, which is a significant security risk. Additionally, the report generation logic in `scripts/03_generate_report.py` is vulnerable to indirect prompt injection because it incorporates unsanitized tweet content directly into LLM prompts. The code also exhibits several functional bugs (e.g., a NameError in the fetcher script) and discrepancies between the stated features in `SKILL.md` (such as Feishu integration) and the actual implementation, suggesting the bundle is poorly vetted or potentially used as a lure.
能力评估
Purpose & Capability
The skill's purpose (fetch Twitter KOL tweets and generate LLM-based reports) justifies using a Twitter API and an LLM service (OpenRouter). However the registry metadata declared no required credentials while the code expects both twitter_api_key and openrouter_api_key (config.json and environment fallback). The code also contains a hardcoded default Twitter API key in scripts/01_fetch_kols.py, which is unexpected and suspicious. The SKILL.md claims the output will be sent to Feishu, but there is no Feishu/HTTP-post/send-to-Feishu implementation in the provided scripts.
Instruction Scope
SKILL.md instructs setting OPENROUTER_API_KEY and not to save local files, but the scripts read config.json and write multiple files under /tmp (kol_tweets_*.json and *_filtered.json). SKILL.md promises 'send to Feishu → delete temp files', but the code only prints reports and lacks Feishu integration. The runtime instructions and the shipped code disagree about persistence and output destinations. The scripts send tweet contents and prompts to openrouter.ai (expected for LLM use), which is consistent with report generation but should be explicit in metadata.
Install Mechanism
No install spec is provided (instruction-only installer), so nothing is downloaded/installed as part of skill installation. That reduces install-time risk. However, the shipped Python scripts will be executed locally and perform network calls, so runtime network risk remains even without an installer.
Credentials
The public metadata lists no required environment variables or primary credential, but the code requires a Twitter API key and an OpenRouter API key (config.json or environment). Worse, scripts/01_fetch_kols.py contains a hardcoded default API_KEY string (new1_7590bc837c4d4104ada0ef3419ab7d6c), which is unexpected and potentially reuses someone else's credential. The number and type of secrets requested are proportionate to the described task, but they must be declared and handled safely — they are not.
Persistence & Privilege
The skill is not marked always:true (good). But SKILL.md explicitly states 'Do not save local files', while scripts persist data to /tmp and to filtered files; this contradiction is important for privacy. The skill does not request permanent platform-wide privileges or modify other skills, but temporary file writes and sending tweet content + context to an external LLM provider are privacy-relevant actions that the user should consent to.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install twitter-ai-kol-fetcher - 安装完成后,直接呼叫该 Skill 的名称或使用
/twitter-ai-kol-fetcher触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Version 1.0.1
- 新增 config.json 配置文件,支持用户以 JSON 格式填写 API Key。
- 优化项目结构,明确将 API Key 管理从脚本和代码中分离到 config.json 文件。
- SKILL.md 补充 config.json 配置方法和格式说明,方便用户初始化和部署。
v1.0.0
twitter-ai-kol-fetcher v1.0.0
- 全面升级抓取流程,扩展 KOL 数量至 82 个,覆盖更广 AI 领域。
- 新增话题聚类功能,合并相关推文,提升报告深度与代表性。
- 模型分离,采用低成本模型判定+高质量模型生成报告,有效控制日常运行成本。
- 支持并行生成多篇报告,交付速度大幅提升。
- 加入防漏抓兜底规则,确保捕捉重点用户、事件与高互动推文。
- 优化报告结构,聚焦核心要点、战略意义与多方观点,输出更专业的内参。
元数据
常见问题
twitter-ai-kol-fetcher 是什么?
抓取 Twitter AI 领域 KOL 最新动态、识别热门话题、生成专业内参。触发条件:"抓取 Twitter"、"AI 领域最新动态"、"每天 AI 动态"、"写内参"、"AI 内参"。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 323 次。
如何安装 twitter-ai-kol-fetcher?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install twitter-ai-kol-fetcher」即可一键安装,无需额外配置。
twitter-ai-kol-fetcher 是免费的吗?
是的,twitter-ai-kol-fetcher 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
twitter-ai-kol-fetcher 支持哪些平台?
twitter-ai-kol-fetcher 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 twitter-ai-kol-fetcher?
由 Ryder Sun(@ryder-mhumble)开发并维护,当前版本 v1.0.1。
推荐 Skills