← 返回 Skills 市场
X Twitter Poster
作者
1067873313
· GitHub ↗
· v0.1.3
· MIT-0
477
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install x-twitter-poster
功能描述
X (Twitter) 发推 Skill。使用 Playwright 连接用户已登录的 Chrome 浏览器,自动填写并发送推文。 适用场景: - 用户要求"发推"、"发一条推"、"发推文"、"发推特" - 用户要求"帮我发一条关于 XX 的推" - 用户要求"发一条推文,内容是..." 核心能力: - 连接用户...
安全使用建议
This skill does what it says: it connects to a Chrome instance via the remote debugging (CDP) port to type and send a tweet. That design inherently allows full access to your browser (tabs, cookies, sessions), so only enable the CDP port in a controlled context. Before using: (1) review post_tweet.js yourself or have someone you trust review it; (2) run it with a throwaway Chrome profile or inside a disposable VM/container, not your primary account; (3) install dependencies (npm install) in an isolated environment; (4) manually start Chrome with --remote-debugging-port and close that port when done; (5) verify network activity if you are worried about data exfiltration — the included code does not call external endpoints beyond connecting to the local CDP and navigating the browser to x.com. If you cannot follow these precautions, do not enable the CDP port or run this skill.
功能分析
Type: OpenClaw Skill
Name: x-twitter-poster
Version: 0.1.3
The skill requires users to launch Chrome with the `--remote-debugging-port=28800` flag, which exposes the browser's DevTools Protocol (CDP) to any local process. This allows full control over the browser session, including access to cookies, saved passwords, and all open tabs. While `post_tweet.js` performs the stated task of posting to X (Twitter) and the documentation in `SKILL.md` and `README.md` provides extensive security warnings, the architectural reliance on an exposed debugging port to bypass anti-bot mechanisms is a high-risk design that creates a significant security vulnerability.
能力评估
Purpose & Capability
Name/description, SKILL.md, and the code all consistently implement posting to X by connecting Playwright to a user Chrome instance over CDP. The dependency on Playwright and the need for a CDP URL is appropriate for this functionality.
Instruction Scope
The instructions explicitly require opening Chrome with --remote-debugging-port and connecting to that local endpoint, which grants the skill access to all browser tabs, cookies, and sessions. That scope is necessary for the stated approach but is high-risk; the SKILL.md and README explicitly warn about these risks and advise mitigations.
Install Mechanism
There is no install spec in the registry, but package.json declares playwright as a dependency. Installing Playwright (npm install) is expected for this skill but is a non-trivial dependency (binaries, browsers). No suspicious download URLs or extract steps are present.
Credentials
The code reads CDP_URL and X_USERNAME from environment variables (with sensible defaults). CDP_URL is sensitive because it exposes the browser; however, requesting it is proportional to the chosen implementation. Registry metadata lists no required env vars, which is a minor metadata/documentation mismatch but not a functional inconsistency.
Persistence & Privilege
The skill does not request persistent 'always' inclusion, does not modify other skills or global agent settings, and does not store credentials. It runs on-demand and is not granted extraordinary platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install x-twitter-poster - 安装完成后,直接呼叫该 Skill 的名称或使用
/x-twitter-poster触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.3
x-twitter-poster 0.1.3
- Improved security instructions with a clear "安装前检查清单" for safer use.
- Added sensitive config variable explanations and handling practices.
- Strengthened general safety recommendations and practical security tips.
- No code logic changed; documentation enriched for end-user safety and clarity.
v0.1.2
x-twitter-poster v0.1.2
- Added cross-platform support: send key is now Meta+Enter (Mac) or Ctrl+Enter (Windows/Linux), auto-detected by script.
- Enhanced security section: added clear warnings about CDP port risks and best practices for safe usage.
- The username for post verification is now configurable via function parameter or X_USERNAME environment variable.
- Updated documentation for usability and security clarity.
- No external data is sent; code safety emphasized in docs.
v0.1.1
x-twitter-poster 0.1.1
- Enhanced documentation: SKILL.md expanded with deeper explanations, troubleshooting, and step-by-step startup guidance.
- Clarified that the skill inherits the user’s session from their actively running Chrome, avoiding detection and login issues.
- Simplified description and requirements for greater readability and confidence in correct operation.
- Updated technical details in usage instructions for more robust and reliable tweet posting.
- No core API or interface changes; all updates pertain to docs and clarity.
v0.1.0
x-twitter-poster v0.1.0
- Initial release: Automates posting tweets via Playwright by connecting to a logged-in Chrome browser session.
- Posts are composed and sent using keyboard emulation (keyboard.type & Meta+Enter), required due to X/Twitter’s React-based form validation.
- Automatically navigates to user profile after posting to confirm tweet delivery.
- For use when users ask to post tweets or publish specific content on X/Twitter.
- Requires Chrome running in CDP mode and an already logged-in user session.
元数据
常见问题
X Twitter Poster 是什么?
X (Twitter) 发推 Skill。使用 Playwright 连接用户已登录的 Chrome 浏览器,自动填写并发送推文。 适用场景: - 用户要求"发推"、"发一条推"、"发推文"、"发推特" - 用户要求"帮我发一条关于 XX 的推" - 用户要求"发一条推文,内容是..." 核心能力: - 连接用户... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 477 次。
如何安装 X Twitter Poster?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install x-twitter-poster」即可一键安装,无需额外配置。
X Twitter Poster 是免费的吗?
是的,X Twitter Poster 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
X Twitter Poster 支持哪些平台?
X Twitter Poster 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 X Twitter Poster?
由 1067873313(@1067873313)开发并维护,当前版本 v0.1.3。
推荐 Skills