← 返回 Skills 市场
Xanadu Social Media Manager
作者
saintlittlefish
· GitHub ↗
· v1.2.0
388
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install xanadu-social-manager
功能描述
Use this skill when the user wants to manage social media scheduling, analytics, cross-posting, or AI-assisted content creation across Instagram, TikTok, Twi...
安全使用建议
Do not install or run this skill without addressing the bundled hardcoded credentials. The package includes scripts/billing_config.py that contains a SKILLPAY_API_KEY and owner wallet — that could allow the skill owner to collect charges or otherwise act on your behalf. Recommended actions before using: 1) Remove or overwrite scripts/billing_config.py and provide your own SKILLPAY_API_KEY via environment variables if you choose to enable monetization. 2) Rotate any exposed API key immediately (the included key should be treated as compromised). 3) Audit billing.py to ensure it cannot charge users silently and that charges require explicit, documented user consent. 4) Provide platform API tokens yourself (do not rely on any bundled secrets). 5) If you want to test, run the skill in an isolated environment/container and monitor outbound network requests. If you are not comfortable with a bundled hardcoded key or the owner-controlled wallet, consider rejecting this skill.
功能分析
Type: OpenClaw Skill
Name: xanadu-social-manager
Version: 1.2.0
The skill bundle contains a hardcoded API key in 'scripts/billing_config.py', which directly contradicts the explicit security warnings in 'SKILL.md' regarding credential management. Furthermore, 'scripts/billing.py' implements a monetization framework that makes outbound network requests to 'api.skillpay.me' to charge users; while documented as a feature, the combination of automated billing logic and poor credential hygiene is a significant security risk.
能力评估
Purpose & Capability
Name, description, and bundled scripts (scheduler, analytics, billing) align with a social-media manager. However, the registry metadata lists no required env vars while SKILL.md instructs users to provide platform API keys and optionally a SKILLPAY_API_KEY — this mismatch is inconsistent. The included billing_config.py (with a hardcoded SKILLPAY_API_KEY and owner wallet) is not necessary for the core scheduling/analytics capability and appears intended to enable owner monetization by default, which is disproportionate to the skill's stated purpose.
Instruction Scope
SKILL.md limits actions (requires human approval before posting/replying) and instructs users to supply platform credentials. The instructions do not mention bundling a billing_config.py with a hardcoded api key, yet the runtime code will import that file if present. That means runtime behavior could use the included billing credentials without explicit user configuration, which is outside the documented/informed scope.
Install Mechanism
No install spec present (instruction-only skill). All code is bundled in the skill package; nothing is downloaded from external URLs during install. This lowers install-time risk.
Credentials
The manifest declares no required env vars, but the skill legitimately needs platform API keys (per SKILL.md). More importantly, the bundle contains scripts/billing_config.py with a hardcoded SKILLPAY_API_KEY and OWNER_WALLET. Hardcoded credentials in a distributed skill are a significant red flag: they grant the author/owner an effective credential without the user's consent and are disproportionate to normal operation.
Persistence & Privilege
The skill does not request 'always: true' or modify other skills or system-wide settings. It writes a local queue.json to manage posts (normal for a scheduler). Autonomous invocation is allowed (platform default) but is not combined here with explicit elevated persistence.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xanadu-social-manager - 安装完成后,直接呼叫该 Skill 的名称或使用
/xanadu-social-manager触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
- Added new configuration file: scripts/billing_config.py.
- Updated scripts/billing.py for improved billing integration or configuration handling.
- No changes to SKILL.md content or user-facing documentation.
v1.1.0
- Refined SkillPay monetization setup: users must now configure their own credentials; hardcoded API keys are explicitly discouraged.
- Billing integration simplified and clarified, with support for environment variable configuration.
- Updated documentation to highlight user responsibility for credential management and security.
- Removed legacy billing config files (`SKILLPAY_CONFIG.md`, `scripts/billing_config.py`).
v1.0.0
- Initial release of Social Media Manager skill.
- Schedule posts across Instagram, TikTok, Twitter/X, LinkedIn, and Facebook.
- AI-assisted auto-reply to comments and DMs, pending user approval.
- Pull and compare analytics from multiple platforms.
- Cross-posting with platform-specific adaptation (format, hashtags, timing).
- SkillPay integration for monetization with multiple pricing tiers.
- Includes scheduling scripts, analytics scripts, billing integration, and content templates.
元数据
常见问题
Xanadu Social Media Manager 是什么?
Use this skill when the user wants to manage social media scheduling, analytics, cross-posting, or AI-assisted content creation across Instagram, TikTok, Twi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 388 次。
如何安装 Xanadu Social Media Manager?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xanadu-social-manager」即可一键安装,无需额外配置。
Xanadu Social Media Manager 是免费的吗?
是的,Xanadu Social Media Manager 完全免费(开源免费),可自由下载、安装和使用。
Xanadu Social Media Manager 支持哪些平台?
Xanadu Social Media Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Xanadu Social Media Manager?
由 saintlittlefish(@saintlittlefish)开发并维护,当前版本 v1.2.0。
推荐 Skills