
Twitter Automation Suite

Author: CJstate · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
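Total downloads: 83
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install twitter-automation-suite
Description
Twitter/X automation operations suite. Automatically posts tweets, monitors keywords, replies in bulk, and generates tweet content with AI. Suited to social media operations, account growth, and competitor monitoring.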
Safe usage recommendations
Proceed with caution. The post.js script does perform browser automation and needs your Twitter username/password in a .env — only use these credentials if you absolutely trust the source and prefer browser-driven automation over OAuth/API tokens. The package advertises monitoring/reply/analysis features but the corresponding scripts are missing; this indicates the package is incomplete or poorly maintained. Before installing: (1) prefer OAuth/API tokens (twitter-api) or app-specific credentials instead of your primary password; (2) inspect any missing scripts if the publisher supplies updates — they could change behavior; (3) run in an isolated environment or throwaway account if you want to test; (4) verify the package author and repository (there's no homepage/source) and ask the publisher why metadata doesn't declare required env vars and why some dependencies and scripts are unused. If you are unsure, do not supply primary account credentials.
Functional analysis
Type: OpenClaw Skill. Name: twitter-automation-suite. Version: 1.0.0.
The bundle provides Twitter automation via Puppeteer but contains high-risk patterns and potential vulnerabilities. It requires users to store plaintext credentials (including passwords) in a .env file and executes Puppeteer with the --no-sandbox flag in scripts/post.js, which bypasses critical browser security layers. Furthermore, index.js passes unsanitized command-line arguments directly to child_process.spawn, creating a potential argument injection vulnerability. While no explicit data exfiltration or malicious intent was detected, the handling of sensitive credentials and insecure execution patterns warrant caution.
Capability assessment
Purpose & Capability
Name/description (Twitter automation) aligns with the provided post.js which uses puppeteer to log in and post. However package.json and SKILL.md list additional dependencies (playwright, twitter-api-v2, node-cron, OpenAI) and commands (monitor, reply, analyze) whose implementation files are missing. Registry metadata declares no required env vars while SKILL.md asks for TWITTER_USERNAME/PASSWORD/EMAIL and optional OPENAI_API_KEY. These mismatches suggest sloppy packaging or incomplete/changed code.
Instruction Scope
SKILL.md instructs installing several packages and storing account credentials in a .env; index.js enforces a .env file and spawns scripts. The post flow (post.js) reads TWITTER_USERNAME/PASSWORD/EMAIL via dotenv and automates browser login — coherent for browser-based automation. But SKILL.md promises monitoring, auto-reply and analysis features; index.js references monitor.js/auto-reply/analyze scripts that are not present in the bundle, so the instructions overpromise and the runtime behavior could differ if those files are added later.
Install Mechanism
There is no formal install spec; SKILL.md asks users to run npm install for listed packages. Dependencies are typical for browser automation (puppeteer, dotenv) though twitter-api-v2 and playwright are present but unused in the included code. No external URL downloads or archives are used. Installing heavy packages like puppeteer is expected but increases attack surface if packages are malicious or compromised.
Credentials
The skill requires direct Twitter credentials (username/password/email) per SKILL.md and post.js, but the registry metadata does not declare any required env vars — an incoherence. Requesting account credentials is proportionate to a puppeteer-based login approach but is sensitive: storing plaintext account passwords in .env and giving them to third-party code is risky. SKILL.md also asks for an OPENAI_API_KEY which is not used by the included scripts, another unexplained requested secret.
Persistence & Privilege
always is false and disable-model-invocation is default; the skill does not request elevated platform privileges. It spawns child processes and launches a browser (puppeteer) which is expected for this functionality but increases local resource usage. The bundle does not attempt to modify other skills or system-wide agent settings.
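How to use
  1. Make sure OpenClaw is installed (locally or as a Docker deployment)
  2. Enter the install command in the chat box: /install twitter-automation-suite
  3. Once installation completes, invoke the Skill by name or trigger it with /twitter-automation-suite
  4. Provide the required input according to the Skill's parameter documentation to get structured output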
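Version history
v1.0.0
Initial release of the Twitter/X automation operations suite.
 - Supports automatic posting (text, images, threads), plus scheduled and bulk publishing
 - Provides keyword/hashtag monitoring and real-time tweet notifications
 - Implements keyword-triggered automatic replies, with AI generation and multi-template management
 - Includes account analytics: follower growth, engagement data, and top-content statistics
 - Provides detailed command documentation and security recommendations
 - Supports pairing with cron for scheduled posting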
Metadata
Slug: twitter-automation-suite
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
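Frequently asked questions

What is Twitter Automation Suite?

Twitter/X automation operations suite. Automatically posts tweets, monitors keywords, replies in bulk, and generates tweet content with AI. Suited to social media operations, account growth, and competitor monitoring. It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 83 times in total so far.

How do I install Twitter Automation Suite?

Run the command "/install twitter-automation-suite" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Twitter Automation Suite free?

Yes. Twitter Automation Suite is completely free, is released under the MIT-0 license, and can be freely downloaded, installed, and used.

Which platforms does Twitter Automation Suite support?

Twitter Automation Suite runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Twitter Automation Suite?

It is developed and maintained by CJstate (@cjstate); the current version is v1.0.0.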
