ClawHub

Personal Toutiao Pub

v1.0.0

今日头条微头条自动发布工具。触发词:"发布头条"、"发微头条"、"头条发布

0· 384·3 current·3 all-time
byChellen@chellen021
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (auto-publish to 今日头条) matches the code and SKILL.md: the script uses Playwright and connects to a local Chrome remote-debugging port to reuse login state, opens the Toutiao publishing page, fills content, uploads images, and saves screenshots. Connecting to local Chrome is necessary for reusing a logged-in session for this task.
!
Instruction Scope
The SKILL.md and script direct the agent/user to start Chrome with --remote-debugging-port and the script connects over CDP to the user's browser, giving it access to browser contexts/tabs/cookies. The script reads text files/images from disk and writes screenshots to ~/Desktop. The default content (DEFAULT_CONTENT) auto-inserts a self-referential message that would be published to the user's account unless overridden; the script also automatically extends short content with additional text. These behaviors could publish unexpected content and expose browser session data.
Install Mechanism
No automated install spec is included (instruction-only install). SKILL.md tells user to pip install playwright and run playwright install chromium. That's a standard dependency for this script but it requires the user to run package installation themselves; no remote downloads or obscure URLs are used in the package instructions.
Credentials
The skill requests no environment variables or external credentials. However, it demands access to the local Chrome debug port (localhost:9222), which effectively grants the script access to browser session state; this is proportionate to reuse-of-login but is a high-privilege access that should be considered sensitive.
Persistence & Privilege
Skill is not always-on and is user-invocable. Model invocation is allowed (normal), so an agent could call this skill autonomously. Combined with its ability to connect to the local browser session, autonomous invocation increases risk (the script could act using the user's logged-in accounts). There is no evidence the skill modifies other skills or system-wide settings.
Scan Findings in Context
[no_issues_found] expected: Static pre-scan reported no injection signals. The absence of findings is not a guarantee of safety; the runtime behavior (CDP connection, publishing actions, default publish text) is the main risk.
What to consider before installing
This skill will connect to your locally running Chrome (via --remote-debugging-port=9222) so it can reuse your logged-in Toutiao session — that grants the script access to browser contexts, cookies, and tabs. Before installing or running: 1) Review and, if desired, edit DEFAULT_CONTENT in toutiao_publish.py so it does not publish a self-referential or unexpected message. 2) Test on a disposable/dummy account first. 3) Do not leave Chrome started with remote debugging open on an untrusted network or machine. 4) Be cautious about allowing autonomous agent invocation (disable autonomous calls if you do not want the agent to publish without an explicit prompt). 5) If uncertain, run the script manually and inspect its behavior rather than giving it broad automatic permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk978xgh4w41hbnxbn3fks2f08582hf4j
384downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Chellen@chellen021
latest
Download

今日头条发布工具

自动发布微头条到今日头条,支持复用本地 Chrome 登录态,支持智能等待登录。

功能特性

  • 复用登录态:连接本地 Chrome,无需重复登录
  • 智能等待登录:未登录时自动等待,登录成功后继续
  • 智能内容扩展:内容不足100字自动扩展
  • 自动勾选选项:自动勾选"个人观点,仅供参考"
  • 支持图片上传:可附带图片发布
  • 截图保存:发布成功后自动截图保存到桌面
  • 支持文件输入:可从文件读取长文本内容

触发方式

发布头条:今天天气真好
发微头条 今天学到了很多新知识
头条发布 "分享一个有趣的故事..."

使用方法

命令行使用

# 基本使用(发布默认内容)
python3 toutiao_publish.py

# 发布指定内容
python3 toutiao_publish.py "今天天气真好,心情也不错!"

# 从文件读取内容
python3 toutiao_publish.py -f content.txt

# 带图片发布
python3 toutiao_publish.py "内容" --image ~/Desktop/pic.jpg

# 使用无头模式(新浏览器)
python3 toutiao_publish.py "内容" --headless

# 未登录时不等待,直接退出
python3 toutiao_publish.py "内容" --no-wait

前置要求

必须启动 Chrome 远程调试:

# Mac
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --remote-debugging-port=9222

# Windows
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222

# Linux
google-chrome --remote-debugging-port=9222

发布流程

  1. 连接本地 Chrome 浏览器
  2. 检查登录状态
    • 已登录:直接进入发布页面
    • 未登录:显示提示,自动等待登录(最长5分钟)
  3. 打开发布页面
  4. 输入内容(自动扩展到100字以上)
  5. 上传图片(如提供)
  6. 勾选发布选项:
    • 声明首发:头条首发(如存在)
    • 作品声明:个人观点,仅供参考
  7. 点击发布按钮
  8. 保存成功截图

参数说明

参数说明示例
content发布内容"今天天气很好"
-f, --file从文件读取-f post.txt
-i, --image图片路径--image pic.jpg
--headless无头模式--headless
--no-wait不等待登录--no-wait

智能等待登录

当检测到未登录时,脚本会:

  1. 显示提示信息:

    ⏳ 等待登录...
请在 Chrome 浏览器中完成登录
登录成功后将自动继续...
(最长等待 300 秒)

  2. 每2秒检查一次登录状态

  3. 检测到登录成功后自动继续发布流程

  4. 超过5分钟未登录则超时退出

使用 --no-wait 参数可禁用等待功能,未登录时直接退出。

输出

  • 成功截图~/Desktop/toutiao_publish_success.png
  • 错误截图~/Desktop/toutiao_error.png

故障排除

问题解决方案
无法连接 Chrome确保 Chrome 已启动并开启 9222 端口
未检测到登录在 Chrome 中访问 mp.toutiao.com 完成登录
等待登录超时检查网络,重新运行脚本
找不到输入框页面结构可能变化,检查错误截图
图片上传失败检查图片路径和格式
发布失败检查网络连接,查看错误截图

依赖

pip3 install playwright --break-system-packages
playwright install chromium

文件结构

skills/toutiao-publisher/
├── SKILL.md              # 本说明文件
└── toutiao_publish.py    # 主脚本

Created: 2026-03-08 Updated: 2026-03-08(新增智能等待登录)

Comments

Loading comments...