← 返回 Skills 市场
81
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install weibo-ops
功能描述
Weibo (微博) write operations via DrissionPage + Chrome CDP. Post, delete, repost, comment, and like on weibo.com. Activate when user asks to publish/delete/re...
安全使用建议
This skill automates a locally running Chrome to perform Weibo actions and does that by copying your Chrome profile (Cookies, Login Data, Local Storage, etc.) into /tmp and launching Chrome with remote debugging. Before installing or running it: 1) Understand that copying the profile exposes all browser sessions stored in that profile — use a dedicated / throwaway Chrome profile that contains only the Weibo login if you want to limit exposure. 2) The startup script hardcodes a macOS Chrome path; it will not work as-is on Linux/Windows and the SKILL.md does not mention this. 3) Inspect the included scripts yourself (start_chrome.sh and weibo_ops.py) — they appear to operate locally and do not exfiltrate data, but executing arbitrary scripts that copy your browser profile is sensitive. 4) Because the skill can delete posts, avoid running destructive actions (delete_all) until you test in a safe account. 5) If you cannot verify code or isolate the environment, do not run the script against your main Chrome profile or primary account.
功能分析
Type: OpenClaw Skill
Name: weibo-ops
Version: 1.0.0
The skill bundle performs high-risk profile manipulation in `scripts/start_chrome.sh`, copying the user's entire Chrome profile (including `Cookies`, `Login Data`, and `Local Storage`) to `/tmp` to facilitate automation. It also opens a Chrome remote debugging port with `--remote-allow-origins="*"`, which exposes the browser session to potential cross-site attacks. While these actions are technically aligned with the stated goal of Weibo automation via `DrissionPage` in `scripts/weibo_ops.py`, they represent significant security vulnerabilities rather than clear malicious intent, as no external exfiltration logic was identified.
能力评估
Purpose & Capability
The name/description (Weibo write operations via DrissionPage + CDP) matches what the Python script does: drive a real Chrome instance to post/repost/comment/like/delete. Copying a Chrome profile to reuse a logged-in session is a plausible implementation choice, but the script copies many profile files (Cookies, Login Data, Local Storage, etc.) which grants access to unrelated site sessions and secrets — more than the SKILL.md declares.
Instruction Scope
SKILL.md instructs the user to run scripts/start_chrome.sh which copies files from the user's Chrome profile into /tmp and launches Chrome with remote debugging; that requires reading sensitive local browser state. The runtime instructions and code show no network exfiltration, but they do perform destructive actions (delete_all) on the user's Weibo account. The instructions do not call out the full scope of file access or warn about copying profile data.
Install Mechanism
There is no external install or remote download; the skill is instruction + local scripts. That keeps install risk low — nothing is fetched from arbitrary URLs. The only dependency is DrissionPage via pip (declared in README).
Credentials
The skill does not declare any required config paths or credentials but the start_chrome.sh script requires read access to $HOME/Library/Application Support/Google/Chrome (macOS Chrome profile) and copies sensitive files like Cookies and Login Data. This is a disproportionate and undeclared access to local secrets/config. Also, the script assumes a macOS Chrome path but the skill metadata lists no OS restriction.
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges. It copies a profile to /tmp (ephemeral) and launches a Chrome instance with remote debugging; this is local and not persistent beyond runtime. The skill can perform destructive actions on the user's Weibo account (delete_all), which is expected for its purpose but operationally sensitive.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install weibo-ops - 安装完成后,直接呼叫该 Skill 的名称或使用
/weibo-ops触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
微博写操作:发帖、删帖、转发、评论、点赞。基于DrissionPage+Chrome CDP。
元数据
常见问题
Weibo Operations 是什么?
Weibo (微博) write operations via DrissionPage + Chrome CDP. Post, delete, repost, comment, and like on weibo.com. Activate when user asks to publish/delete/re... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 81 次。
如何安装 Weibo Operations?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install weibo-ops」即可一键安装,无需额外配置。
Weibo Operations 是免费的吗?
是的,Weibo Operations 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Weibo Operations 支持哪些平台?
Weibo Operations 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Weibo Operations?
由 sunwz1115(@sunwz1115)开发并维护,当前版本 v1.0.0。
推荐 Skills