← 返回 Skills 市场
802
总下载
0
收藏
6
当前安装
1
版本数
在 OpenClaw 中安装
/install x-read
功能描述
Render and summarize a public X (Twitter) link when you need to read the tweet/article content without logging in.
安全使用建议
This skill appears coherent and read-only: it scrapes public X pages with Puppeteer and needs no API keys. Before installing, consider: (1) Puppeteer will download a Chromium binary and pull many npm packages—expect a heavier install and network activity. (2) The script launches Chromium with '--no-sandbox' and related flags (common for containerized runs) which reduces process-level sandboxing; run the skill in a hardened environment or sandboxed container. (3) Verify you are comfortable with automated scraping under the target site's terms of service. (4) Review the index.js output and test locally with a few public links to confirm behavior. (5) Do not provide any secrets to the skill (it does not need them). If you want stricter safety, restrict this skill to explicit user invocation only and monitor network egress from the runtime environment.
功能分析
Type: OpenClaw Skill
Name: x-read
Version: 1.0.1
The skill's `index.js` uses Puppeteer to launch a Chromium instance with the `--no-sandbox` flag. This critically disables Chromium's security sandbox, creating a significant Remote Code Execution (RCE) vulnerability if a malicious URL is processed. This directly contradicts the `SKILL.md` documentation, which claims a 'sandboxed Chromium instance' is launched. While this is a severe security flaw, there is no evidence of intentional malicious behavior such as data exfiltration, persistence, or unauthorized actions beyond the stated web scraping purpose.
能力评估
Purpose & Capability
Name/description match the implementation: index.js uses Puppeteer to load X permalinks, extract tweet/article text, links, and media, and format a markdown summary. No unrelated environment variables, binaries, or external services are requested.
Instruction Scope
SKILL.md explicitly instructs a read-only workflow (navigate to URL, wait for tweet/article selectors, extract text/media). The runtime directives in index.js stay within that scope (DOM scraping, optional fallback of full page text). It does log some page text for debugging but does not transmit data to external endpoints beyond the normal navigation to the provided URL.
Install Mechanism
There is no separate install spec, but package.json depends on puppeteer (and package-lock lists npm registry packages). Installing will pull Puppeteer and associated npm packages, and Puppeteer typically downloads a Chromium browser binary (archive extraction). This is expected for the task but is heavier than a pure script and involves network/IO during install.
Credentials
The skill requires no environment variables, credentials, or config paths; the requested privileges are proportional to the stated read-only scraping purpose.
Persistence & Privilege
The skill is not marked always:true and does not attempt to persist or modify other skills or global settings. It uses normal, on-demand invocation privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install x-read - 安装完成后,直接呼叫该 Skill 的名称或使用
/x-read触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Documented skill for ClawHub release using skill-creator packaging.
元数据
常见问题
X Read 是什么?
Render and summarize a public X (Twitter) link when you need to read the tweet/article content without logging in. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 802 次。
如何安装 X Read?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install x-read」即可一键安装,无需额外配置。
X Read 是免费的吗?
是的,X Read 完全免费(开源免费),可自由下载、安装和使用。
X Read 支持哪些平台?
X Read 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 X Read?
由 Tylordius(@tylordius)开发并维护,当前版本 v1.0.1。
推荐 Skills