Auto Publisher
v1.0.0Multi-platform video auto-publisher. Automatically upload videos to Douyin, WeChat Channels, Xiaohongshu, Bilibili, YouTube and more. Supports batch publishi...
⭐ 3· 1.1k·8 current·8 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (multi-platform video auto-publisher) match the provided Python script and SKILL.md. The script uses Playwright to automate web UIs for Douyin, WeChat Channels, Xiaohongshu, Bilibili and YouTube, which is the expected approach for an automation tool that does QR and browser-based login. There are no unrelated required env vars, binaries, or external services declared.
Instruction Scope
SKILL.md and README instruct installing Playwright and running the Python script (including headless mode). The runtime instructions and the script operate on the user's local files (video files) and create/modify local config files (config/accounts.json, config/publish_log.json). They do not appear to read or exfiltrate unrelated system files or environment variables. Note: the tool depends on the user scanning QR codes and will persist login state (cookies/config) locally — this expands the data the skill holds and should be considered sensitive.
Install Mechanism
There is no automatic install spec in the registry (instruction-only skill). SKILL.md asks users to pip install playwright and to run 'playwright install chromium' — these are reasonable and expected for Playwright-based automation. No remote archives or obscure URLs are fetched by the skill itself.
Credentials
The skill requests no environment variables or external credentials from the registry metadata. However, it creates and stores account configuration locally (accounts.json) including fields for username/password and will persist cookies/session state locally. Those files are stored in plaintext by default and could contain sensitive tokens or cookies; this is proportionate to the tool's purpose but has privacy/security implications the user must accept.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or cross-skill privileges. It only creates/uses its own config files under a local 'config/' directory. It does not modify other skills or system-wide agent settings according to the provided files.
Assessment
This skill appears to do what it claims: browser-automated uploads using Playwright. Before installing/running it: 1) inspect config/accounts.json and config/publish_log.json after first run — they may contain usernames/passwords or cookies in plaintext; avoid storing sensitive accounts there or encrypt the files yourself; 2) run the tool in a controlled environment (separate account or VM) if you are worried about stored session data; 3) prefer official platform APIs for enterprise/high-security use (the README already recommends that); 4) ensure Playwright and the Chromium runtime are installed from official sources; and 5) review the full script for any additional logging or network calls you might not want (the provided code visits official platform domains and automates uploads, but you should audit the rest of the file if you need higher assurance).Like a lobster shell, security has layers — review code before you run it.
latestvk974w1bkda5pcm4bbcj9r467q98220cs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.