首页龙虾技能列表 › auto-reply — 技能工具

auto-reply — 技能工具

v1.0.0

[自动翻译] Instagram DM auto-reply system. DM monitoring, reading, replying, security check (injection rejection). Use when checking Instagram DMs, reading unrea...

1· 772·5 当前·5 累计
by @mupengi-bot·MIT-0
下载技能包
License
MIT-0
最后更新
2026/2/26
安全扫描
VirusTotal
Pending
查看报告
OpenClaw
可疑
medium confidence
The skill is broadly what it claims (an Instagram DM auto-reply that uses the browser CDP to extract cookies and call Instagram internal APIs), but there are inconsistencies and data-exfiltration risks (undeclared environment variables, optional Discord notifications that send message previews, and use of CDP cookie extraction) that you should understand before installing.
评估建议
This skill will extract Instagram session cookies from a running browser via the Chrome DevTools Protocol and use them to call Instagram's internal APIs — that is required for it to read and reply to DMs but is sensitive because those cookies let the tool act as your account. The scripts can also send message previews to Discord if you set DISCORD_TOKEN and OWNER_DISCORD_ID (these env vars are used but not declared in the skill metadata). Before installing or running: (1) review and trust the au...
详细分析 ▾
用途与能力
The code implements an Instagram DM monitor and auto-reply flow that matches the description: it extracts cookies from a running browser via CDP, calls Instagram internal APIs, writes state/alert files, and exposes read/reply/check commands. That functionality is coherent with the stated purpose. However, the skill claims no required credentials/env but the code optionally uses environment variables (DISCORD_TOKEN, OWNER_DISCORD_ID, OPENCLAW_GATEWAY, BROWSER_PORT) which are not declared in the metadata — this mismatch reduces transparency.
指令范围
SKILL.md tells you to run node scripts, which is expected, but the scripts do more than simple CLI calls: they connect to a local browser CDP endpoint and extract Instagram cookies (session tokens) and then call Instagram's internal endpoints. The watcher also writes dm-alert.json and dm-state.json to disk and can POST message previews to Discord if a bot token is present. The SKILL.md mentions Discord notifications in places but does not declare the required Discord credentials; the scripts access env vars that were not declared. Reading browser cookies and forwarding message previews to external services is a scope that should be explicitly documented and consented to.
安装机制
This is an instruction-only skill (no install spec). It does include Node.js scripts and recommends the global 'ws' package; the lack of an install step keeps risk lower than an arbitrary download/install. The user still needs to install 'ws' and run Node scripts locally.
凭证需求
The skill metadata declares no required env vars or primary credential, but the code reads several environment variables if present: BROWSER_PORT (optional), DISCORD_TOKEN and OWNER_DISCORD_ID (to notify via Discord), and OPENCLAW_GATEWAY (defined but not used). Extracting cookies from the browser (csrftoken, ds_user_id) is necessary to operate but is highly sensitive — those session cookies effectively let the tool act as your Instagram user. The optional Discord behavior will send message previews out of your environment if a Bot token is configured. These environment/credential accesses are not fully documented in the metadata and thus are disproportionate to the declared 'none'.
持久化与权限
The skill does not set always:true and does not modify other skills. It writes local files (dm-alert.json, dm-state.json) in its directory for state/alerting and can be run as a daemon or via cron; that persistence is expected for a watcher. Nothing in the code appears to elevate system privileges or alter other skills' configurations.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/2/15

Initial release

● Pending

安装命令 点击复制

官方npx clawhub@latest install auto-reply
镜像加速npx clawhub@latest install auto-reply --registry https://cn.clawhub-mirror.com

技能文档

v2.js (Internal API) based. 0 browser snapshots, CDP cookie extraction → Instagram REST API direct calls.

Prerequisites

  • OpenClaw browser running (port 18800)
  • Instagram tab open and logged in
  • ws npm package (npm i -g ws or local)

Script List

ScriptPurpose
scripts/v2.jsDM CLI (inbox, unread, check, read, reply)
scripts/auto-reply.jsRead dm-alert.json, security check, return reply metadata
scripts/check-notify.jsCheck new DM notifications (for cron, state file based)
scripts/dm-watcher.jsReal-time DM detection daemon (15s polling)

Core Workflows

1. Check DMs

node scripts/v2.js check        # unread count (lightest)
node scripts/v2.js unread       # unread DM list
node scripts/v2.js inbox        # full DM list

2. Read Messages

node scripts/v2.js read "" -l 5

3. Reply

node scripts/v2.js reply "" "message content"

On API failure, returns JSON with method: "use_browser" + threadUrl → fallback to browser tool.

4. Notification Check (cron integration)

node scripts/check-notify.js
  • If new DMs: outputs 📩 새 DM N건: ...
  • If none: outputs no_new
  • Uses state file dm-state.json to prevent duplicates

5. Auto-Reply Flow

node scripts/auto-reply.js
  • Read dm-alert.json (created by dm-watcher)
  • Run security check on each DM
  • Return results: needs_reply / security_alert / skipped
  • AI generates replies for needs_reply DMs → send via v2.js reply

6. Real-time Detection Daemon

node scripts/dm-watcher.js              # detection only
node scripts/dm-watcher.js --auto-reply  # includes Discord notification

Polls v2.js check every 15s. On new DM detection, writes dm-alert.json + Discord DM notification.

Security Check (Injection Rejection)

auto-reply.js's SECURITY_PATTERNS detects:

  • Prompt Injection: "ignore previous", "system prompt", "you are now", "act as", "pretend"
  • Jailbreak Attempts: "override", "jailbreak", "DAN mode", "bypass"
  • Sensitive Info Requests: "secret key", "private key", "seed phrase", "wallet address"
  • Code Execution Attempts: "execute command", "run script", "eval(", "rm -rf", "sudo"
  • Social Engineering: "simulation mode", zero-width characters

On threat detection → don't reply, return security_alert. Separate notification sent.

Cron Setup Example

# Check DMs every 5 minutes

  • schedule: "/5    *"
    • 
  
command: "node /path/to/scripts/check-notify.js"
  systemEvent: true
# Or dm-watcher daemon for continuous monitoring

  • schedule: "@reboot"
    • 
  
command: "node /path/to/scripts/dm-watcher.js --auto-reply"
  background: true

Token Efficiency

  • inbox/check: exec 1 call (~500 tokens)
  • reply: exec 1 call (~200 tokens)
  • browser snapshots: 0

🐧 Built by 무펭이Mupengism ecosystem skill

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务