ClawHub

Tistory Publish

v5.1.4

Automate Tistory blog publishing via OpenClaw Playwright CDP. Supports any post format — handles TinyMCE editor manipulation, OG card insertion, banner uploa...

0· 391·0 current·0 all-time
by@garibong-labs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Tistory publish via Playwright CDP) matches the included scripts and helper JS. Declared runtimes (python3, playwright, optional node) and the requirement to connect to an OpenClaw Chrome CDP are appropriate for browser automation. No unrelated cloud or service credentials are requested.
Instruction Scope
SKILL.md and scripts restrict actions to opening the blog newpost page, injecting helper JS, manipulating TinyMCE DOM, uploading local banner files, and clicking publish. The only potentially sensitive action is the optional scripts/login.sh flow which reads a user-supplied credential file and automates a Kakao login (expected for session recovery). The publish path explicitly does not read credentials. No instructions instruct reading arbitrary system files, shell history, or sending data to third-party endpoints beyond Tistory/Kakao pages.
Install Mechanism
No remote install/download step is declared (instruction-only install). All code is bundled with the skill. No external archive URLs, shorteners, or post-install fetches are used. Runtime dependencies (Playwright, optional Node canvas packages) are typical for the stated functionality.
Credentials
The skill declares no required environment variables; an optional credential file or TISTORY_CRED_FILE may be used only by scripts/login.sh for Kakao login. Requesting an email/password for login is proportionate to the optional login use-case, but the credential file is plaintext JSON or key:value — this is a sensitivity to consider before using login.sh.
Persistence & Privilege
Skill does not request always:true or other elevated persistence. It does not modify other skills or system-wide agent settings. It operates by connecting to a local OpenClaw CDP and running transient browser automation.
Assessment
This skill appears to do what it claims: automate Tistory blog publishing by controlling a local OpenClaw/Playwright browser instance. Before installing or running it: (1) verify you run the OpenClaw Chrome CDP on a trusted local host (default 127.0.0.1:18800); (2) avoid supplying plaintext Kakao credentials unless necessary — prefer logging into the OpenClaw browser manually and using publish.sh without running login.sh; (3) test on a non-production blog or with --private to confirm behavior before public publishing; (4) review helper JS (tistory-publish.js) to ensure its DOM actions match your expectations (it injects events and clicks to force publishing); (5) ensure any banner files or body HTML you pass are trusted. If you want higher assurance, run the scripts in an isolated environment and inspect network calls from the OpenClaw browser while testing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9731jnsg21fvvdm48rjcgnz8h83s19w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments