← 返回 Skills 市场
jkobject

Unbridled

作者 Jérémie Kalfon · GitHub ↗ · v0.2.2 · MIT-0
cross-platform ⚠ suspicious
132
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install unbridled
功能描述
Send and read messages on Facebook Messenger, WhatsApp, Instagram, LinkedIn, Twitter/X, Signal, Telegram, Discord and other networks through a Beeper account...
安全使用建议
This skill appears to do what it says (use your Beeper account as a unified API) but it requires highly sensitive secrets: the Beeper Recovery Key (full account recovery and decryption of message history) and the bbctl access token (API access). If you install it, you will be asked to store those secrets on the agent host (plaintext file and bbctl config) and to run an optional systemd user daemon that continuously syncs keys and messages. Before installing, consider: - Only install on a host you fully control and trust (use an isolated VM/container or a dedicated agent user). - Understand that the recovery key + bbctl token = read+write access to all bridged networks (inbox history + sending). Treat them like root passwords. If leaked, rotate/regenerate the recovery key from Beeper Desktop and revoke the device. - If you only need to send messages and can accept not reading history, skip importing the recovery key and decline installing the sync daemon — functionality will be reduced but risk is lower. - Verify the scripts yourself (they are provided) and inspect any changes before running. The install steps download bbctl from the project's GitHub releases and pip packages from PyPI — standard but run them in a controlled environment if you're cautious. - Audit and cleanup steps are provided in the README; after testing you can remove ~/.local/share/clawd-matrix, ~/.config/bbctl, and the recovery key file to revoke local access. Keep an eye on the user systemd unit and logs (journalctl --user -u clawd-beeper-sync). The skill is coherent with its purpose, but because it requires full decryption keys, treat it as high-trust and follow the precautions above.
功能分析
Type: OpenClaw Skill Name: unbridled Version: 0.2.2 The skill provides unified access to a user's Beeper/Matrix messaging accounts, including E2EE networks like WhatsApp and Messenger. It requires the user to store their master Beeper Recovery Key in a local file (~/.secrets/beeper-recovery-key.txt) and uses it to bootstrap cross-signing and decrypt historical message backups (scripts/bootstrap_crosssign.py and scripts/import_key_backup.py). While the code appears well-documented, follows the Matrix specification (including handling known libolm implementation quirks), and includes safety instructions for the AI agent, the inherent high-risk nature of automating access to a master recovery key and all private communications across multiple platforms warrants a suspicious classification under the provided criteria.
能力标签
cryptorequires-walletrequires-oauth-tokenrequires-sensitive-credentials
能力评估
Purpose & Capability
Name/description match what the code and SKILL.md do: they use a Beeper per-user Matrix homeserver to send/read bridged networks and to bootstrap cross-signing and import the Megolm key backup. One inconsistency: the registry metadata lists no required env vars or config paths, but the runtime instructions and code rely on user files (~/.config/bbctl/config.json, ~/.secrets/beeper-recovery-key.txt, ~/.local/share/clawd-matrix/). This is explainable (instruction-only skill) but worth noting.
Instruction Scope
SKILL.md and scripts explicitly instruct the agent/installer to (a) store the Beeper recovery key in ~/.secrets, (b) run bbctl login (which populates ~/.config/bbctl/config.json), (c) run bootstrapping/import scripts, and (d) optionally install a systemd user daemon for continuous sync. All of these actions are within the stated purpose (establish trust, decrypt history, and maintain Megolm sessions). The instructions do require writing and reading highly sensitive files (the recovery key and bbctl token) — this is necessary for full functionality but is a sensitive operation the user must accept explicitly.
Install Mechanism
Install steps are conventional: download the official bbctl binary from the project's GitHub releases, apt/brew for libolm and ffmpeg, and create a Python venv to pip-install matrix-nio[e2e] and crypto deps. No obfuscated or unusual remote hosts are used; archives are not pulled from arbitrary personal servers. The skill is instruction-only in the registry (no automatic installer), but an included install.sh automates the same steps.
Credentials
The skill requires access to two very powerful secrets: the bbctl access token (stored in ~/.config/bbctl/config.json) and the Beeper Recovery Key (explicitly stored in ~/.secrets/beeper-recovery-key.txt). Those are exactly the credentials needed to read and send messages and to import full Megolm backups — which is coherent with the purpose, but the sensitivity is high. The registry did not declare these config paths/credentials as required, so the user may not expect the level of secret access requested. The scripts also create persistent local key stores (~/.local/share/clawd-matrix).
Persistence & Privilege
The package installs (via provided scripts) a user-level systemd service (clawd-beeper-sync) to run a long‑running sync daemon that consumes to_device events and maintains Megolm sessions. The skill is not marked always:true; it does not request platform-global privileges, but the daemon combined with stored secrets gives ongoing access to inbound keys and the ability to decrypt future messages. This persistence increases blast radius and should be judged deliberately.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install unbridled
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /unbridled 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.2
Fix packaged skill path resolution in collect_beeper_daily.py after validating the published layout; keep the recent-history over-fetch fix and updated docs.
v0.2.1
Fix false decryption-unavailable reports by over-fetching recent history in the digest collector; document the raw-event-count pitfall; publish the chat search helper in the skill docs.
v0.3.0
better name
v0.2.0
key backup import
元数据
Slug unbridled
版本 0.2.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 4
常见问题

Unbridled 是什么?

Send and read messages on Facebook Messenger, WhatsApp, Instagram, LinkedIn, Twitter/X, Signal, Telegram, Discord and other networks through a Beeper account... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 132 次。

如何安装 Unbridled?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install unbridled」即可一键安装,无需额外配置。

Unbridled 是免费的吗?

是的,Unbridled 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Unbridled 支持哪些平台?

Unbridled 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Unbridled?

由 Jérémie Kalfon(@jkobject)开发并维护,当前版本 v0.2.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论