技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.3
统计:⭐ 0 · 52 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :良性
Package:1067873313/x-twitter-poster
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :良性
OpenClaw 评估
The skill's code and instructions match its stated purpose (connecting to a user Chrome instance over CDP to post tweets); the high-risk element (full browser access via an open CDP port) is intrinsic to that purpose and is documented in the README/SKILL.md.
目的
Name/description, SKILL.md, and the code all consistently implement posting to X by connecting Playwright to a user Chrome instance over CDP. The dependency on Playwright and the need for a CDP URL is appropriate for this functionality.
说明范围
The instructions explicitly require opening Chrome with --remote-debugging-port and connecting to that local endpoint, which grants the skill access to all browser tabs, cookies, and sessions. That scope is necessary for the stated approach but is high-risk; the SKILL.md and README explicitly warn about these risks and advise mitigations.
安装机制
There is no install spec in the registry, but package.json declares playwright as a dependency. Installing Playwright (npm install) is expected for this skill but is a non-trivial dependency (binaries, browsers). No suspicious download URLs or extract steps are present.
证书
The code reads CDP_URL and X_USERNAME from environment variables (with sensible defaults). CDP_URL is sensitive because it exposes the browser; however, requesting it is proportional to the chosen implementation. Registry metadata lists no required env vars, which is a minor metadata/documentation mismatch but not a functional inconsistency.
持久
The skill does not request persistent 'always' inclusion, does not modify other skills or global agent settings, and does not store credentials. It runs on-demand and is not granted extraordinary platform privileges.
综合结论
This skill does what it says: it connects to a Chrome instance via the remote debugging (CDP) port to type and send a tweet. That design inherently allows full access to your browser (tabs, cookies, sessions), so only enable the CDP port in a controlled context. Before using: (1) review post_tweet.js yourself or have someone you trust review it; (2) run it with a throwaway Chrome profile or inside a disposable VM/container, not your primary ac…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「X Twitter Poster」。简介:X (Twitter) 发推 Skill。使用 Playwright 连接用户已登录的 Chrome 浏览器,自动填写并发送推文。 适用场景: - 用户要求"…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/1067873313/x-twitter-poster/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。