首页 / 技能 / X Twitter Poster — 自动发推

📦 X Twitter Poster — 自动发推

v0.1.3

通过 Playwright 接管用户已登录的 Chrome,自动填写并发送推文,支持自然语言指令完成发推操作。

0· 383·0 当前·0 累计
1067873313 头像by @1067873313
自动化浏览器自动化
下载技能包
最后更新
2026/4/21
0
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
安全
high confidence
NULL
评估建议
This skill does what it says: it connects to a Chrome instance via the remote debugging (CDP) port to type and send a tweet. That design inherently allows full access to your browser (tabs, cookies, sessions), so only enable the CDP port in a controlled context. Before using: (1) review post_tweet.js yourself or have someone you trust review it; (2) run it with a throwaway Chrome profile or inside a disposable VM/container, not your primary account; (3) install dependencies (npm install) in an i...
详细分析 ▾
用途与能力
Name/description, SKILL.md, and the code all consistently implement posting to X by connecting Playwright to a user Chrome instance over CDP. The dependency on Playwright and the need for a CDP URL is appropriate for this functionality.
指令范围
The instructions explicitly require opening Chrome with --remote-debugging-port and connecting to that local endpoint, which grants the skill access to all browser tabs, cookies, and sessions. That scope is necessary for the stated approach but is high-risk; the SKILL.md and README explicitly warn about these risks and advise mitigations.
安装机制
There is no install spec in the registry, but package.json declares playwright as a dependency. Installing Playwright (npm install) is expected for this skill but is a non-trivial dependency (binaries, browsers). No suspicious download URLs or extract steps are present.
凭证需求
The code reads CDP_URL and X_USERNAME from environment variables (with sensible defaults). CDP_URL is sensitive because it exposes the browser; however, requesting it is proportional to the chosen implementation. Registry metadata lists no required env vars, which is a minor metadata/documentation mismatch but not a functional inconsistency.
持久化与权限
The skill does not request persistent 'always' inclusion, does not modify other skills or global agent settings, and does not store credentials. It runs on-demand and is not granted extraordinary platform privileges.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv0.1.32026/3/19

NULL

可疑

安装命令

点击复制
官方npx clawhub@latest install x-twitter-poster
镜像加速npx clawhub@latest install x-twitter-poster --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库