← 返回 Skills 市场
evan-y25

twitter-dance

作者 Evan · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
280
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install twitter-dance
功能描述
基于 apidance.pro API,自动生成并发布推文,支持账户统计、通知管理、自动回复和互动分析,适合日常社媒运营自动化。
安全使用建议
Before installing or running this skill: - Don’t trust the registry metadata alone — inspect SKILL.md and the code: this skill expects APIDANCE_API_KEY, TWITTER_AUTH_TOKEN, and optionally KIMI_API_KEY even though the registry lists none. - Verify provenance: source/homepage are listed as unknown/none in the metadata; package.json points to a GitHub path — confirm the repository and maintainer identity before trusting keys. - Avoid extracting long‑lived session tokens from your primary account via browser devtools. Prefer creating a dedicated developer/app token with minimal scope or use a throwaway/test account for initial testing. - Review the code (especially src/* and scripts/*) to see how credentials are used and whether verbose/debug logging might print sensitive data to logs. If you enable verbose=2, watch for sensitive fields in logs. - Run the code in an isolated environment (throwaway account, sandbox container or VM) first. Do not place production account credentials into the skill until you confirm behaviour. - Consider rotating credentials after any test runs. If you must use the skill, grant only the minimum scopes needed and avoid long-lived tokens where possible. - If you want to proceed, ask the maintainer to update registry metadata to declare required env vars and to document token/scopes clearly; request a reproducible source URL (official repo) and a minimal set of permissions for TWITTER_AUTH_TOKEN. I have medium confidence because the code and docs align with the stated purpose, but the metadata omission and the token extraction guidance are suspicious and merit manual review before use.
功能分析
Type: OpenClaw Skill Name: twitter-dance Version: 1.0.0 The twitter-dance skill bundle is a comprehensive Twitter automation toolset that utilizes the apidance.pro third-party API and Kimi AI for content generation. The code is well-structured and provides extensive functionality for tweeting, replying to comments, and performing account analytics, as seen in scripts like auto-tweet.js and auto-reply-comments.js. While the skill requires sensitive credentials (Twitter auth tokens and API keys), the logic is transparent and strictly follows the stated purpose of social media automation. A minor portability issue exists in check-doc.js due to a hardcoded macOS Chrome path, but no malicious behavior or exfiltration logic was detected.
能力评估
Purpose & Capability
The skill's stated purpose (Twitter automation via apidance.pro and optional Kimi) legitimately requires APIDANCE_API_KEY, TWITTER_AUTH_TOKEN, and optionally KIMI_API_KEY. However, the registry metadata declares no required environment variables or primary credential, which is inconsistent with the SKILL.md and included code (many scripts and client files that read process.env). The lack of declared credentials in metadata is an incoherence that should be clarified.
Instruction Scope
SKILL.md instructs the agent/user to export APIDANCE_API_KEY, TWITTER_AUTH_TOKEN and KIMI_API_KEY and gives commands to run scripts and cron jobs. It also explicitly tells users to obtain a TWITTER_AUTH_TOKEN by copying the Authorization header from X.com developer tools — guidance that can encourage insecure token extraction and accidental exposure. The docs enable verbose logging (verbose=2) which will print full GraphQL requests/responses for debugging; that could surface sensitive data if not reviewed. Scripts write logs to a logs/ directory and suggest running long‑running watchers (--watch); these behaviours are within the skill's scope but increase the risk surface.
Install Mechanism
No install spec is provided (instruction-only skill), and the repository includes source and a small bundled dependency (dotenv) rather than arbitrary downloads. There is no evidence of external arbitrary binary downloads or extract steps; risk from installation artifacts is therefore low. However, the package includes many scripts and full client code, so review of the codebase is necessary before execution.
Credentials
The required credentials (APIDANCE_API_KEY, TWITTER_AUTH_TOKEN, optional KIMI_API_KEY) are appropriate for a Twitter automation skill. The concern is that the registry metadata did not declare any required env vars or a primary credential, yet the SKILL.md and code clearly require them. TWITTER_AUTH_TOKEN (a bearer/session token) is particularly sensitive; the skill's instructions on obtaining it via browser request copying and storing it locally increase the chance of misuse or accidental leakage. No other unrelated credentials are requested.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously (disable-model-invocation:false), which is the platform default. Because the skill uses sensitive API credentials and supports scheduling/cron instructions, autonomous invocation increases the potential blast radius if credentials or behaviour are misconfigured — review and limit autonomous runs until you audit the code and tokens. The skill does not request system-wide config changes or other skills' configs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install twitter-dance
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /twitter-dance 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
twitter-dance 1.0.0 - Initial release of a fully automated Twitter posting and management system based on apidance.pro API - Supports AI-powered tweet generation (Kimi), automated posting, bulk scheduling, and draft mode - Includes tweet analytics, account stats, interaction and engagement analysis, and notification management - Offers advanced features: auto-reply to comments, conversation threading, bulk like/retweet, and best posting time analysis - Command-line scripts provided for quick start, automation, and interactive workflows - Extremely low operating cost compared to popular alternatives
元数据
Slug twitter-dance
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

twitter-dance 是什么?

基于 apidance.pro API,自动生成并发布推文,支持账户统计、通知管理、自动回复和互动分析,适合日常社媒运营自动化。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 280 次。

如何安装 twitter-dance?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install twitter-dance」即可一键安装,无需额外配置。

twitter-dance 是免费的吗?

是的,twitter-dance 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

twitter-dance 支持哪些平台?

twitter-dance 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 twitter-dance?

由 Evan(@evan-y25)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论