ClawHub

X Bookmarks Digest

v1.0.0

Automatically review X/Twitter bookmarks for useful tools, projects, repos, products, and ideas. Fetches via xurl, analyses for value, and outputs an actiona...

0· 93·0 current·0 all-time
byBEARLY_HODLING@bearly-hodling
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill needs python3 and xurl and uses them to fetch bookmarks, categorise them, and output a digest. Required binaries, local state.json usage, and proposed actions (git clone, brew install, clawhub install) are consistent with the described purpose.
Instruction Scope
SKILL.md and scripts limit actions to: checking xurl auth, invoking xurl to fetch bookmarks, analysing the fetched JSON, and updating a local state.json. The instructions do not read unrelated system files or environment variables, nor do they transmit data to external endpoints other than the X API via the xurl CLI. The skill explicitly requires user confirmation before executing proposed actions (no automatic installs).
Install Mechanism
There is no install spec; this is instruction/code-only and relies on system python3 and xurl. No downloads or remote installs are performed by the skill itself, minimizing install-time risk.
Credentials
The skill declares no required environment variables or credentials. It delegates X API auth to the xurl CLI (which manages tokens). The only persistent file is a local state.json storing bookmark watermark and timestamps — consistent with the stated rate-limiting behavior.
Persistence & Privilege
always is false and the skill writes only its own state.json in its base directory. It does not modify other skills or system-wide agent settings. Autonomous invocation is allowed by default (platform normal) but not inherently excessive here.
Assessment
This skill appears to do what it says: it calls the locally-installed xurl CLI, fetches bookmarks, runs local Python scripts to categorise them, and updates a local state.json file. Before installing, consider: 1) Ensure you trust the xurl CLI and its authentication method (xurl will manage any X tokens). 2) The skill will create/update state.json in the skill directory (only IDs/timestamps are stored). 3) The agent will propose actions like git clone, brew install, or clawhub install but the SKILL.md explicitly says not to auto-execute — only proceed with those actions after you review and confirm. 4) If you prefer more control, run the included scripts manually (they are provided) rather than allowing autonomous execution. If you want extra assurance, review the three scripts (fetch_bookmarks.py, analyse_bookmarks.py, digest_runner.sh) yourself — they are small and readable.

Like a lobster shell, security has layers — review code before you run it.

latestvk9731r9jtjcnrwm8ykempzx4ad83812j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔖 Clawdis
Binspython3, xurl

Comments