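📦 Gajago Sns — Automatic SNS content generation
v1.0.1 Enter the /가자고 command with text, keywords, or images to generate, in one step, the copy, images, and a 20-second short video needed for Instagram, Facebook, and Band, efficiently producing social media content for the Gyeonggi-do Office of Education Employment and Startup Center.
0 · 120 · 0 current · 0 total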
Last updated
2026/3/27
Security scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This skill appears to implement SNS copy + image + video generation, but there are several red flags you should check before installing or running it: 1) SKILL.md contains a hard-coded GEMINI_API_KEY — treat this as a leaked credential; ask the author to remove it and require the operator to supply their own key via secure env var. 2) The skill assumes binaries and libs (python3, ffmpeg, Pillow/PIL) and specific system fonts exist but does not declare them — verify and run in a sandbox first. 3)...
⚠ Purpose and capability
Name/description match the actual behavior (SNS copy + images + 20s video). However the runtime expects/uses resources that are not justified or declared: hard-coded local paths under /Users/isangsu, starts a local webapp in a user workspace, calls another skill's script (~/.openclaw/.../nano-banana-pro) via 'uv run', and embeds a GEMINI_API_KEY value in SKILL.md. The skill does not declare required binaries (ffmpeg, python3) or Python deps (Pillow). These undeclared assumptions are disproportionate to what the registry metadata lists.
⚠ Instruction scope
SKILL.md instructs the agent to read/process files in /Users/isangsu/.openclaw/media/inbound and to start a local webapp (npm run dev) and run external scripts (uv run nano-banana-pro). It also embeds and exports an API key inline when calling image-generation scripts. It references sending outputs via Telegram and opening Finder. The instructions therefore access local files, launch local services, and pass an API key to other scripts — actions outside a minimal 'generate copy' scope.
ℹ Install mechanism
No install spec (instruction-only), which is lower install-risk, but the package includes Python scripts that will run on the host when invoked. The scripts assume ffmpeg and system fonts exist and will write/read files under user paths and /tmp. There is no declaration of runtime dependencies (ffmpeg, Pillow), so the skill may fail or cause unexpected behavior if those are missing.
⚠ Credential requirements
Registry metadata lists no required env vars, but SKILL.md contains a hard-coded GEMINI_API_KEY value (looks like a Google API key) and uses it when invoking image-generation. Embedding a credential in the documentation is inconsistent and risky. The skill also expects no other credentials but reads local user data paths and calls other local skill scripts — the declared environment is incomplete and not proportional.
✓ Persistence and privileges
always is false and the skill does not request elevated platform privileges. It does start a local webapp if not running and writes outputs to user media folders, but it does not modify other skills or set permanent platform-level flags.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.1 2026/3/27
● Suspicious
Install command
Official: npx clawhub@latest install gajago-sns
Mirror (accelerated): npx clawhub@latest install gajago-sns --registry https://cn.longxiaskill.com