技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 2k · 11 current installs · 11 all-time installs
⭐ 0
安装量(当前) 11
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:arubiku/mia-twitter-stealth
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill's runtime instructions request session tokens, Playwright/Chromium, and persistent cookie storage but the registry entry lists no required env vars or install — these mismatches and a prompt-injection pattern make the package incoherent and potentially risky.
目的
The SKILL.md describes a CLI-style tool (mia-twitter) and requires X_AUTH_TOKEN/X_CT0 and Playwright with Chromium, but the registry metadata declares no required env vars, no binaries, no install. An instruction-only skill that expects a local 'mia-twitter' CLI and Playwright runtime without providing install details or declaring required credentials is inconsistent and unexplained.
说明范围
Instructions explicitly instruct session persistence (cookies, localStorage, user-data-dir), human-behavior simulation, and use of auth tokens. Those actions require filesystem and credential access and could enable long-lived access to an account; yet nothing in the manifest declares or limits that access. The SKILL.md also contains patterns consistent with prompt-injection (unicode-control-chars).
安装机制
There is no install spec and no code files — the skill is purely instructions that assume the existence of a 'mia-twitter' CLI and Playwright/Chromium. That mismatch (instructions expecting runtime artifacts that are not provided or declared) is a red flag: either required software will be installed externally (not documented) or the skill is incomplete/misleading.
证书
The SKILL.md requests X_AUTH_TOKEN and X_CT0, which are session/authorization tokens capable of full account control on Twitter/X. Requesting such powerful secrets is proportionate for direct API/browser automation, but the registry did not declare a primary credential nor list these env vars — creating an unexplained gap and risk of secret misuse or accidental exposure.
持久
The skill's behavior relies on persistent session data (cookies, localStorage, user-data-dir) to remain stealthy across runs. Although the skill is not forced always-on, its instructions encourage writing persistent artifacts to disk which can increase long-term risk (account takeover, stealthy automation). The manifest does not explain where or how those files are managed or protected.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Mia Twitter Stealth」。简介:Twitter/X automation with advanced stealth and anti-detection。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/arubiku/mia-twitter-stealth/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: mia-twitter-stealth
description: Twitter/X automation with advanced stealth and anti-detection
version: 1.0.0
author: MiaBloomx
tags:
- twitter
- automation
- stealth
- anti-detection
- social-media
metadata:
clawdbot:
emoji: 🕵️♀️
---
# Mia Twitter Stealth 🕵️♀️
Twitter/X automation with advanced stealth techniques to avoid bot detection.
## Anti-Detection Features
### 1. Playwright Stealth
- Hides `navigator.webdriver`
- Masks Chrome automation flags
- Spoofs plugins and languages
### 2. Headful Mode
- `headless: false` by default
- Real browser UI visible
- Avoids headless detection
### 3. Human Behavior
- Random typing delays (50-150ms)
- Mouse movement simulation
- Random wait times
- Natural scroll patterns
### 4. Session Persistence
- Cookie storage
- LocalStorage persistence
- User data directory
### 5. Cooldown Management
- Rate limit tracking
- Automatic backoff
- 24h cooldown if flagged
## Usage
```bash
# Post tweet
mia-twitter post "Hello world"
# Reply to tweet
mia-twitter reply <tweet-id> "Great post!"
# Like tweets by search
mia-twitter like --search "AI agents" --limit 10
# Follow users
mia-twitter follow --search "founder" --limit 5
# Check notifications
mia-twitter notifications
```
## Safety
- Max 5 actions per hour
- Max 50 per day
- 2-5 min delays between actions
- Human-like patterns only
## Requirements
- X_AUTH_TOKEN env var
- X_CT0 env var
- Playwright with Chromium