← Back to Skills Marketplace
amortalsodyssey

Follow Builders Sidecar

by Amo · GitHub ↗ · v1.0.9 · MIT-0
cross-platform ⚠ suspicious
117
Downloads
1
Stars
0
Active Installs
9
Versions
Install in OpenClaw
/install follow-builders-sidecar
Description
OpenClaw-only sidecar for the original follow-builders skill. Use when the user wants to take over scheduling and delivery without modifying the upstream ski...
README (SKILL.md)

Follow Builders Sidecar

This skill is the external delivery/scheduling layer for the original follow-builders skill.

It does not patch the upstream repo. It only:

  • imports the original config once
  • disables the original digest cron
  • creates and owns its own hourly cron
  • checks upstream feed commits
  • builds the digest
  • delivers it through OpenClaw or Feishu card

Runtime requirements

This skill expects:

  • node for all sidecar scripts
  • python3 for avatar circle-cropping
  • openclaw for cron inspection, job takeover, and message delivery

It also reads and writes local files during normal operation:

  • reads ~/.follow-builders/config.json once during takeover
  • writes ~/.follow-builders-sidecar/config.json
  • writes ~/.follow-builders-sidecar/state.json
  • optionally writes ~/.follow-builders-sidecar/credentials.json for local-only direct Feishu app credentials
  • can reuse OpenClaw-configured Feishu account settings when Feishu card delivery is enabled

When to use this skill

Use this skill when the user asks to:

  • install or take over from the original follow-builders
  • switch digest delivery to the sidecar flow
  • configure timezone / language / daily-vs-weekly / delivery driver
  • check whether takeover worked
  • disable sidecar and optionally restore the original cron

Primary commands

Takeover / setup

Before running setup, ask the user which Feishu card mode they want:

  1. Reuse an existing OpenClaw Feishu account
  2. Configure a local direct Feishu app for this sidecar

If the user chooses direct Feishu app mode, collect:

  • appId
  • appSecret
  • chatId
  • optional domain (feishu by default, lark when needed)

Run:

node scripts/sidecar-setup.js

Optional flags:

  • --driver openclaw_announce|feishu_card
  • --channel \x3Cchannel>
  • --to \x3Ctarget>
  • --account \x3CaccountId>
  • --feishu-mode openclaw_account|direct_credentials
  • --feishu-account \x3CaccountId>
  • --feishu-chat-id \x3CchatId>
  • --feishu-app-id \x3CappId>
  • --feishu-app-secret \x3CappSecret>
  • --feishu-domain feishu|lark
  • --avatar-fallback-account \x3CaccountId>

Configure

Run:

node scripts/sidecar-configure.js ...

Common flags:

  • --language zh|en|bilingual
  • --timezone \x3CIANA timezone>
  • --frequency daily|weekly
  • --weekly-day monday|...|sunday
  • --driver openclaw_announce|feishu_card
  • --channel \x3Cchannel>
  • --to \x3Ctarget>
  • --account \x3CaccountId>
  • --feishu-mode openclaw_account|direct_credentials
  • --feishu-account \x3CaccountId>
  • --feishu-chat-id \x3CchatId>
  • --feishu-app-id \x3CappId>
  • --feishu-app-secret \x3CappSecret>
  • --feishu-domain feishu|lark

Important:

  • After takeover, configuration belongs to the sidecar.
  • Do not tell the user to keep changing the original skill's delivery time.
  • If the user wants a different trigger window, tell them to edit the sidecar cron itself.

Status

Run:

node scripts/sidecar-status.js

Rollback

Run:

node scripts/sidecar-rollback.js --reenable-original

Use --reenable-original only when the user explicitly wants to restore the original cron.

Manual test run

To test the pipeline without sending anything:

node scripts/run-sidecar.js --skip-delivery

Delivery rules

  • default driver is openclaw_announce
  • optional driver is feishu_card
  • Feishu card mode supports:
    • openclaw_account: reuse a Feishu app already configured in OpenClaw
    • direct_credentials: store a local-only Feishu appId/appSecret/chatId for this sidecar
  • feed freshness is based on upstream GitHub commit time
  • only same-local-day commits are valid
  • daily: one successful send per local day
  • weekly: only on the configured weekday, one successful send per week

Upstream compatibility rules

The upstream follow-builders skill may evolve beyond the current three feeds.

When working with this sidecar, always treat upstream evolution as a first-class concern:

  1. Before changing sidecar compatibility logic, inspect the upstream SKILL.md.
  2. Inspect the upstream repo root for all feed-*.json files, not just:
    • feed-x.json
    • feed-podcasts.json
    • feed-blogs.json
  3. If a new upstream feed appears, do not silently ignore it.
  4. First determine whether the new feed can be handled by:
    • an existing adapter
    • a generic pass-through adapter
    • or a new dedicated adapter that must be added
  5. If the sidecar cannot safely interpret the new feed schema yet, explicitly surface that limitation to the user instead of pretending nothing changed.

Design intent:

  • SKILL.md is for agent/operator understanding
  • code-level adapter/registry logic is for runtime compatibility

Do not rely on prose alone for runtime support. A note in SKILL.md helps the agent understand what to inspect, but actual support for a new feed still requires code or schema-level compatibility logic.

External endpoints

The sidecar may contact these external services:

  • https://api.github.com/ to discover upstream feed files and latest relevant commits
  • https://raw.githubusercontent.com/ to load upstream feed JSON and prompts
  • https://publish.twitter.com/oembed to expand quoted tweets
  • podcast RSS hosts declared in config/default-sources.json to repair episode links
  • https://unavatar.io/ to fetch public avatar images
  • https://open.feishu.cn/open-apis/ or https://open.larksuite.com/open-apis/ when Feishu card delivery is enabled

Security and privacy

  • The sidecar does not modify the upstream follow-builders repo.
  • The sidecar does not send local files to arbitrary third-party endpoints.
  • OpenClaw and Feishu routing are used only to deliver the digest the user asked for.
  • Direct Feishu app credentials, when configured, stay in ~/.follow-builders-sidecar/credentials.json and are not intended for repository storage.
  • The sidecar's own local state lives under ~/.follow-builders-sidecar/.

Trust statement

Installing this skill means allowing it to read the user's local follow-builders config once during takeover, call the upstream public feed sources, reuse OpenClaw-configured delivery accounts or optional local direct Feishu credentials, and optionally send digest data to OpenClaw or Feishu. Only install it if you trust that behavior.

Safety rules

  • Never modify the original follow-builders repo during normal operation
  • Never silently re-enable the original cron unless the user asks for rollback
  • If the original cron is found enabled again during runtime, disable it and keep the sidecar as source of truth
Usage Guidance
This sidecar appears to do what it says, but review and consider the following before installing: - It will disable the original follow-builders cron and create an hourly sidecar cron. Back up the original config/cron if you might want to restore it. - If you choose 'reuse OpenClaw account' mode the scripts will call the openclaw CLI to read configured Feishu accounts — that means the sidecar can read any Feishu credentials stored in your OpenClaw config. If you prefer not to expose those, use 'direct_credentials' and provide appId/appSecret/chatId (which will be stored locally under ~/.follow-builders-sidecar/credentials.json). - The sidecar contacts external endpoints (GitHub raw files, GitHub API, publish.twitter.com oEmbed, podcast RSS feeds, unavatar.io, and Feishu API) to fetch feeds, prompts, avatars, and to send messages — verify you are comfortable with those network calls. - A dry-run option exists (node scripts/run-sidecar.js --skip-delivery) — use it first to validate behavior without sending messages. - The package is instruction-heavy and requires running npm install in the scripts directory; inspect the scripts if you have stricter security requirements. If you trust the upstream repository and accept the intended changes to the original job and local credential storage, the sidecar is coherent and appropriate to use.
Capability Analysis
Type: OpenClaw Skill Name: follow-builders-sidecar Version: 1.0.9 The skill implements a 'takeover' mechanism that programmatically disables existing OpenClaw cron jobs and replaces them with its own scheduling logic (sidecar-setup.js). It possesses high-risk capabilities, including the ability to read OpenClaw's internal configuration—potentially exposing credentials for other messaging channels—and executing local system commands via execFile (sidecar-common.js). While these behaviors are documented as part of its purpose to manage digest delivery, the broad access to the OpenClaw CLI and the storage of Feishu app secrets in a local JSON file (~/.follow-builders-sidecar/credentials.json) create a significant attack surface. No clear evidence of intentional data exfiltration to unauthorized third-party endpoints was observed.
Capability Tags
cryptocan-make-purchasesposts-externally
Capability Assessment
Purpose & Capability
Name/description match requested capabilities. The scripts require node, python3, and call the openclaw CLI (to inspect/disable/create crons and to reuse configured accounts). Reading ~/.follow-builders/config.json and writing ~/.follow-builders-sidecar/* is consistent with the stated one-time import and sidecar state ownership.
Instruction Scope
SKILL.md instructs the agent to run specific node scripts (setup/configure/status/rollback/run-sidecar) and documents the exact files and paths the sidecar reads/writes. The instructions and script behavior stay within the described goal (takeover, build digest, deliver via OpenClaw or Feishu). It explicitly documents network calls (GitHub, Twitter oEmbed, podcast RSS, unavatar, Feishu API) which are expected for fetching feeds, prompts, avatars, and sending cards.
Install Mechanism
There is no registry install spec (instruction-only), and the bundled code relies on npm dependencies declared in package.json/package-lock.json (dotenv, proper-lockfile). No remote arbitrary download/install URLs or extract steps are present in the repository metadata provided.
Credentials
The skill requests no environment variables, which is proportional. It does, however, execute the openclaw CLI to read OpenClaw config (including Feishu accounts) and may therefore access secrets stored in the user's OpenClaw configuration; that is expected if the user chooses the 'reuse OpenClaw account' delivery mode. In direct Feishu mode it will store appId/appSecret/chatId locally at ~/.follow-builders-sidecar/credentials.json. These behaviors are justified by the delivery modes but are important to be aware of.
Persistence & Privilege
always:false and user-invocable are appropriate. The sidecar intentionally modifies another skill's runtime by disabling the original cron and creating its own cron — this is the declared purpose (takeover). Users should be aware that the skill will alter the original follow-builders job state (it records original job id, disables it, and creates a new hourly cron).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install follow-builders-sidecar
  3. After installation, invoke the skill by name or use /follow-builders-sidecar
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.9
Add dual Feishu delivery modes with OpenClaw account reuse and local direct credentials.
v1.0.8
Reduce credential surface for ClawHub release and remove direct sidecar secret storage.
v1.0.7
Split GitHub credential/env access out of sidecar-common so the published sidecar no longer mixes local credential reads with network requests in one file.
v1.0.6
Sync the published sidecar with the current main repo, shipping the latest digest/runtime updates from myproject and bumping the release to 1.0.6.
v1.0.5
Declare required binaries, config paths, and packaged files in SKILL.md frontmatter, document local file access and external endpoints explicitly, and switch the preview image to a GitHub absolute URL for ClawHub rendering.
v1.0.4
Move the Feishu card screenshot to the top of the README and turn it into a clearer product-style preview section for ClawHub and GitHub readers.
v1.0.3
Move entry-point file I/O into dedicated helper modules so ClawHub scans can distinguish local state handling from remote fetch and delivery logic, without changing sidecar behavior.
v1.0.2
Split local I/O from network delivery paths to reduce false-positive security flags, while keeping the sidecar takeover, Feishu card delivery, filtering, and feed compatibility features unchanged.
v1.0.1
Initial ClawHub release with sidecar scheduling, Feishu card delivery, content enrichment, filtering, and upstream feed compatibility reporting.
Metadata
Slug follow-builders-sidecar
Version 1.0.9
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 9
Frequently Asked Questions

What is Follow Builders Sidecar?

OpenClaw-only sidecar for the original follow-builders skill. Use when the user wants to take over scheduling and delivery without modifying the upstream ski... It is an AI Agent Skill for Claude Code / OpenClaw, with 117 downloads so far.

How do I install Follow Builders Sidecar?

Run "/install follow-builders-sidecar" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Follow Builders Sidecar free?

Yes, Follow Builders Sidecar is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Follow Builders Sidecar support?

Follow Builders Sidecar is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Follow Builders Sidecar?

It is built and maintained by Amo (@amortalsodyssey); the current version is v1.0.9.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments