← 返回 Skills 市场
X To Kindle
作者
brianlu365ai
· GitHub ↗
· v0.1.1
1386
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install x-to-kindle
功能描述
Send X/Twitter posts to Kindle for distraction-free reading. Use when user shares an X/Twitter link and wants to read it on Kindle, or asks to send a tweet/thread to their Kindle device.
安全使用建议
This skill appears to implement its stated function, but there are two practical concerns you should consider before installing:
1) Secrets and metadata mismatch: SKILL.md and the script require SMTP_EMAIL, SMTP_PASSWORD (app password), and KINDLE_EMAIL, but the registry metadata lists no required env vars. Do not assume the skill is safe just because metadata omits credentials — the code will need them.
2) Arbitrary-file-sending risk: The included tool will send any local file path you pass to it to the configured Kindle email. That is necessary to send the generated HTML, but it also means a mis-invocation or malicious agent behavior could exfiltrate local files. To reduce risk:
- Use a dedicated email account (Gmail) and an app-specific password with minimal access; avoid using your primary account.
- Use a disposable or limited-permissions Kindle address if possible.
- Only grant SMTP_PASSWORD to skills you trust, and prefer rotating the app password after testing.
- Inspect and, if possible, modify the script so it only accepts files from a controlled directory (e.g., a sandboxed /tmp/<skill>/ folder) or validates filenames before sending.
- Confirm how your agent platform prompts you (or not) before invoking the tool; require explicit user confirmation for any send operation.
- Verify network calls (fxtwitter API) are acceptable for your privacy policy; consider using an API you trust or self-hosted fetch logic.
If you cannot or will not follow these mitigations, avoid installing or provide only throwaway credentials for testing.
功能分析
Type: OpenClaw Skill
Name: x-to-kindle
Version: 0.1.1
The `send_to_kindle.py` script is designed to send any local file specified by its command-line argument to a pre-configured Kindle email address via SMTP. While the `SKILL.md` instructions limit its intended use to a generated HTML file in `/tmp`, the underlying script's broad file access capability (reading arbitrary files from the filesystem) combined with network exfiltration (emailing the file) presents a significant risk. A malicious prompt could instruct the agent to use this tool to exfiltrate sensitive files (e.g., `~/.ssh/id_rsa`, `/etc/passwd`) to the configured Kindle email, which, while user-controlled, still constitutes unauthorized data exfiltration from the agent's environment.
能力评估
Purpose & Capability
Name/description match the implementation: the skill fetches tweet content (via fxtwitter), formats HTML and sends it to a Kindle email. However, the registry metadata declares no required environment variables or primary credential, while SKILL.md and send_to_kindle.py require SMTP_EMAIL, SMTP_PASSWORD and KINDLE_EMAIL; this metadata mismatch is inconsistent and could mislead users about what secrets the skill needs.
Instruction Scope
Runtime instructions stay within the stated purpose (fetch tweet, build HTML, email to Kindle) but they also instruct writing files to /tmp and invoking a tool that will send any local file path given. The tool accepts arbitrary file paths and will email their contents, which is powerful and could be abused to exfiltrate sensitive local files if the agent or user supplies a path other than the generated article.
Install Mechanism
No install spec (instruction-only with a small Python script included). Nothing is downloaded from external arbitrary URLs and no package manager installs are required, so install risk is low.
Credentials
The functionality legitimately requires SMTP credentials and a Kindle email. Those are sensitive credentials (SMTP app password) and should have been declared in the skill metadata; omitting them from the declared 'requires.env' is an incoherence. Requiring SMTP credentials is proportionate, but the skill's ability to use them autonomously raises risk if the credentials are given without restrictions.
Persistence & Privilege
The skill is not always-included and does not request persistent system privileges. However, it can be invoked autonomously (platform default). Combined with SMTP credentials, autonomous access would allow the skill to send emails without further user confirmation — a non-trivial risk that depends on how the platform governs autonomous tool invocation and secret usage.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install x-to-kindle - 安装完成后,直接呼叫该 Skill 的名称或使用
/x-to-kindle触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
x-to-kindle 0.1.1 Changelog
- Initial release: Send X/Twitter posts and threads to Kindle devices for distraction-free reading.
- Fetches tweet content via fxtwitter API and formats as Kindle-compatible HTML attachment.
- Supports sending via Gmail SMTP with configurable variables for ease of setup.
- Includes example workflow and configuration instructions for rapid deployment.
v0.1.0
- Initial release of x-to-kindle: send X/Twitter posts to your Kindle for distraction-free reading
- Supports extracting tweets/threads from X/Twitter URLs using the fxtwitter API
- Formats content as Kindle-friendly HTML attachments for reliable delivery
- Includes SMTP/Gmail integration for automated sending to your Kindle device
- Simple tool: `send_to_kindle` for sending local files (PDF, HTML, TXT) via email
元数据
常见问题
X To Kindle 是什么?
Send X/Twitter posts to Kindle for distraction-free reading. Use when user shares an X/Twitter link and wants to read it on Kindle, or asks to send a tweet/thread to their Kindle device. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1386 次。
如何安装 X To Kindle?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install x-to-kindle」即可一键安装,无需额外配置。
X To Kindle 是免费的吗?
是的,X To Kindle 完全免费(开源免费),可自由下载、安装和使用。
X To Kindle 支持哪些平台?
X To Kindle 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 X To Kindle?
由 brianlu365ai(@brianlu365ai)开发并维护,当前版本 v0.1.1。
推荐 Skills