Downloads: 1111 | Favorites: 1 | Current installs: 0 | Versions: 2
Install in OpenClaw
/install weibo-manager
Description
Manage Weibo posts via Puppeteer with a secure request-approve-execute workflow for drafting, reviewing, and publishing text and images.
Safe-usage recommendations
Key things to consider before installing/running this skill:
- It contains real executable Node scripts (Puppeteer) but declares no required binaries or env; you will need Node, npm, and a Chrome binary and you should review and install dependencies in a controlled environment.
- The skill requires a cookies.json file with Weibo session cookies (sensitive). Do not provide cookies to untrusted code; prefer manual, audited cookie export and storage with least privilege.
- The SKILL.md forbids autonomous publishing, but the skill metadata does not enforce that — an agent or other automation could run publisher.js directly. If you must use this, disable autonomous invocation or ensure strict admin approval controls.
- The code calls out to other local skills/tools (skills/feishu-sender/* and 'uv run ...') and some scripts reference absolute user paths (e.g. /Users/runchen/...). Audit those called scripts (feishu-sender and nano-banana-ultra) before running — they may transmit data off-host.
- Child-process execution is used for notifications and image generation; verify what those subprocesses do and where they send data (Feishu chat IDs are passed around). Ensure Feishu credentials and endpoints are legitimate.
- Recommendation: do not run this on a production or personal machine until you: (1) review all referenced files (feishu-sender, nano-banana-ultra scripts), (2) fix hard-coded executablePath and absolute user paths, (3) explicitly provide/lock down cookies.json, (4) document and supply required env creds, and (5) disable autonomous invocation or enforce an approval gate. Running inside an isolated VM or container and monitoring network activity is advised if you still want to test it.
Functional analysis
Type: OpenClaw Skill
Name: weibo-manager
Version: 1.0.2
The OpenClaw AgentSkills skill bundle for Weibo management and image generation contains critical shell injection vulnerabilities. Multiple scripts (`src/approve_post.js`, `src/force_login.js`, `src/login.js`, `src/request_publish.js`) use `child_process.execSync` to execute other internal skills, passing user-controlled inputs (such as `chat_id` and `content`) directly as shell arguments without proper sanitization. This flaw could allow an attacker to achieve Remote Code Execution (RCE) by crafting malicious input. While the `SKILL.md` demonstrates security awareness by explicitly warning against prompt injection from external sources and enforcing an approval workflow, the code itself introduces severe vulnerabilities. There is no evidence of intentional malicious behavior like data exfiltration to external endpoints or persistence mechanisms, but the RCE risk makes it suspicious.
Capability assessment
Purpose & Capability
The package contains many Puppeteer-based scripts to log in, publish and delete posts, plus many unrelated image-generation helpers. However, the registry metadata declares no required binaries, no env vars and no primary credential. In reality the code requires Node, Chrome (executablePath is hard-coded to macOS Chrome), a cookies.json session file, and appears to rely on a separate 'feishu-sender' skill. Those runtime needs are not declared, which is inconsistent and disproportionate to the (missing) short description.
Instruction Scope
SKILL.md emphasizes a strict Request->Approve->Execute flow and forbids autonomous publishing or reading comments. But the code executes external commands (child_process.execSync) to call other scripts (skills/feishu-sender/*) and runs external generators via 'uv run ...'. Several generation scripts reference absolute user-local file paths (e.g. /Users/runchen/.openclaw/...), meaning the skill can read local files; the README does not disclose this. The skill also requires a cookies.json containing session cookies (sensitive) but does not enumerate how that file is protected or validated.
Install Mechanism
No install spec is provided even though package.json and package-lock.json are present and the code depends on many npm packages (puppeteer-core, puppeteer-extra, axios, etc.). The absence of an install step is a mismatch: running these scripts will require installing dependencies and a suitable browser binary. The code also invokes external tools via 'uv run', which pulls in other skill code at runtime — this increases the attack surface and is not documented in SKILL.md.
Credentials
The skill declares no required env vars, but uses dotenv and invokes other skills (feishu-sender) that almost certainly need Feishu API credentials; those credentials are not declared. It requires an explicit cookies.json (sensitive auth data) but does not declare that as a required secret. Several generator scripts refer to absolute user file paths, which could cause access to arbitrary local files — that is disproportionate and risky relative to a simple Weibo publishing description.
Persistence & Privilege
The skill is not marked always:true (good), but platform metadata leaves autonomous invocation enabled while SKILL.md forbids any autonomous publishing and requires human approval. That is a behavioral mismatch: nothing in the metadata enforces the safety constraint expressed in SKILL.md, so an agent could call publisher.js directly if misconfigured or maliciously instructed.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install weibo-manager
- After installation, call the Skill by name directly, or trigger it with /weibo-manager
- Provide the required inputs according to the Skill's parameter description to get structured output.
Version history
v1.0.2
weibo-manager 1.0.2
- No code or documentation changes detected in this release.
- All functionality, workflow, and usage remain unchanged.
v1.0.1
weibo-manager 1.0.1
- Added comprehensive documentation (SKILL.md) covering security requirements, publish workflow, command usage, technical notes, and directory structure.
- Clarified mandatory human approval flow: all publishing must strictly follow a Request → Approve → Execute sequence, with no autonomous publishing allowed.
- Specified manual cookie provisioning and security guidelines to avoid prompt injection risks.
- Outlined precise shell command examples for both drafting and executing Weibo posts, including support for image uploads and newline formatting.
- Detailed file organization and pending post handling for easier setup and maintenance.
Metadata
FAQ
What is Weibo Manager?
Manage Weibo posts via Puppeteer with a secure request-approve-execute workflow for drafting, reviewing, and publishing text and images. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1111 cumulative downloads to date.
How do I install Weibo Manager?
Run the command "/install weibo-manager" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Weibo Manager free?
Yes, Weibo Manager is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does Weibo Manager support?
Weibo Manager is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Weibo Manager?
Developed and maintained by HMyaoyuan (@hmyaoyuan); current version v1.0.2.