by 安全扫描
OpenClaw
可疑
medium confidence该技能主要匹配内容生成工具,但存在几个不一致之处(缺少脚本、元数据不匹配和未解释的'自动发布'能力),在安装或提供凭证之前应予以澄清。
评估建议
["在安装或提供 API 密钥之前,请要求作者提供缺失的脚本(thread_gen.py)或源代码仓库链接,以便检查代码。","确认该技能是否实际发布到 Twitter,如果是,请明确发布方式、所需凭证和存储位置的令牌。了解发布流程之前,请勿提供 Twitter 凭证。","解决元数据不匹配:注册表指出没有环境变量,但 SKILL.md/_meta.json 需要 OPENAI_API_KEY。如果决定继续,请创建一个带有最小使用限制的 scoped OpenAI 密钥,离线审查代码,避免提供广泛的凭证或存储长期秘密,直到能够审计实现。如果作者无法提供源代码或清晰的技术细节,请将该技能视为不可信任。"]...详细分析 ▾
⚠ 用途与能力
The skill describes generating and even 'auto-posting' Twitter threads. The runtime instructions and _meta.json show it expects an OPENAI_API_KEY (for content generation), which is coherent, but there are no Twitter/posting credentials or explanation of how auto-posting would work. The SKILL.md also references running python thread_gen.py, but no code files are included in the package — a direct mismatch between claimed functionality and delivered artifacts.
⚠ 指令范围
SKILL.md only tells the user to pip install the openai client and set OPENAI_API_KEY, and shows a usage line for a script that does not exist in the package. The instructions are vague about where 'auto-posting' or 'analytics' happen and do not define what data is sent where. Asking the user to install a package and set a key is reasonable for generation, but the missing script and lack of posting details expand agent/human responsibilities in unclear ways.
✓ 安装机制
There is no formal install spec; the SKILL.md suggests pip install openai which is a normal, low-risk dependency for an instruction-only skill. No downloads from arbitrary URLs or archive extraction are present.
ℹ 凭证需求
SKILL.md and _meta.json indicate the skill uses OPENAI_API_KEY, which is proportionate for an AI text generator. However, the registry metadata provided to you earlier lists 'Required env vars: none' — that inconsistency should be resolved. Also, auto-posting would normally require Twitter API credentials (none requested), creating a capability/credential mismatch.
✓ 持久化与权限
The skill does not request persistent presence (always:false) and includes no install script or code that would modify agent/system settings. No elevated privileges are requested.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/14
["推特讨论串生成器的初始发布。","从任何主题生成吸引人的推特讨论串,配备优化钩子。","包含病毒式钩子库和讨论串结构模板。","支持参与度优化和讨论串分析。","自动发布就绪格式,实现无缝分享。","简单的设置和命令行使用。"]
● 无害
安装命令 点击复制
官方npx clawhub@latest install g0atbot-twitter-threads
镜像加速npx clawhub@latest install g0atbot-twitter-threads --registry https://cn.clawhub-mirror.com
技能文档
AI驱动的推特讨论串创建器。将任何主题转化为吸引人的病毒式讨论串。
功能
- 主题输入 → 讨论串输出
- 钩子优化
- 每条推文的参与度钩子
- 讨论串格式化
- 自动发布就绪
设置
pip install openai
export OPENAI_API_KEY="your_key"
使用
python thread_gen.py --topic "5 个健身小贴士" --length 10
特性
- 病毒式钩子库
- 讨论串结构模板
- 参与度优化
- 讨论串分析
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制