Website Content Scraped into Obsidian
v0.1.2Fetch social media content and save to Obsidian. Supports Twitter/X, Reddit, GitHub, HackerNews, Bilibili, Weibo, Xiaohongshu and 30+ platforms via bb-browse...
⭐ 0· 80·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, config.yaml, platforms.md and scripts/fetch_save.py all align: the skill calls bb-browser to fetch posts, filters/tags them, and writes markdown files to an Obsidian vault. There are no unrelated credentials or unexplained binaries requested.
Instruction Scope
SKILL.md directs installing and using bb-browser and instructs the agent to create a scheduled sync (cron job). The code itself reads/writes config.yaml, a local state file, and writes files into a user-specified vault path — all expected for this purpose. Two things to note: (1) SKILL.md promises the agent will create cron jobs (system scheduling changes) — that is beyond mere file I/O and should be consented to, and (2) the workflow relies on bb-browser --openclaw to reuse the OpenClaw browser session, which means any logged-in session/data in that browser could be used by bb-browser adapters.
Install Mechanism
The repository contains no automated install spec; the instructions ask the user to install bb-browser via npm (global). This is a typical approach but requires Node/npm and a global install; there is no opaque download or embedded binary. No files in the skill perform arbitrary remote downloads during install.
Credentials
The skill declares no required environment variables or credentials and the Python script does not read secrets from env vars. It does probe common paths (home/.nvm, /usr/local/bin) to locate bb-browser and will read/write files under the user's home directory (config.yaml, state file, and the specified Obsidian vault). These accesses are proportionate to the stated purpose, but because bb-browser uses the OpenClaw browser session, it may access any web sessions/cookies present in that browser — that is a functional requirement but a privacy consideration.
Persistence & Privilege
always is false (normal). However SKILL.md states the agent will create cron jobs to enable scheduled syncs. Creating/modifying crontab entries is a system-level action outside the script itself; users should explicitly approve such changes. The skill does not claim or request permanent privileged presence beyond that.
Assessment
This skill appears to do what it says: it runs bb-browser to fetch posts, filters/tags them, and writes .md files into an Obsidian vault. Before installing or running it: (1) be prepared to install bb-browser (npm global) and ensure Node.js is acceptable on your machine; (2) review and set vault_base in config.yaml so files go where you expect; (3) run with --dry-run/--verbose first to observe behavior; (4) the skill’s scheduled sync flow will create cron jobs if the agent follows SKILL.md — only allow that if you want automatic system-level cron modifications; (5) be aware bb-browser --openclaw reuses the OpenClaw browser session (cookies/logins). If you do not want adapters to access logged-in sessions (bookmarks/notifications/private feeds), avoid reusing the browser session or log out of those sites first. Finally, inspect the config and the .claw-social-feed-state.json after a run so you understand what was fetched and when.Like a lobster shell, security has layers — review code before you run it.
latestvk97fh2edrt55zs7xnp0rsbekd183qwry
License
MIT-0
Free to use, modify, and redistribute. No attribution required.