内容引擎 / Content Engine
v1.1.0内容引擎 — 跨平台内容创作与分发工具,支持自学习优化、Obsidian 集成、AI 配图提示词
⭐ 0· 89·0 current·0 all-time
byJun Zhang@hanjing5024064
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (cross‑platform content creation, Obsidian integration, WeChat support) align with the included scripts and declared optional environment variables (Twitter, LinkedIn, WeChat, Medium, blog path, Obsidian vault). The repository/source is unknown and homepage is missing — minor trust signals absent but not a functional inconsistency.
Instruction Scope
SKILL.md explicitly instructs the agent to run the included Python scripts which read/write local content (including an Obsidian vault path and a local data directory) and to make API calls to platform services when publishing. The instructions reference only platform-related env vars and local paths; they do not request unrelated system data. This scope (file reads under user-provided vault path, local storage, and network calls to target platforms) matches the stated purpose.
Install Mechanism
There is no install spec (instruction-only), and all behavior is implemented by bundled Python scripts. This is a low install risk, but SKILL metadata lists no required binaries while SKILL.md and examples call 'python3 scripts/...', so the skill effectively requires Python on PATH — that declared/required-binaries mismatch is an oversight to note.
Credentials
All environment variables are optional and directly related to publishing to specific platforms or to local paths/subscription tier. Sensitive tokens (AppSecret, bearer tokens) are requested only for the platforms they enable; this is proportionate. The README claim 'All data stored locally' is mostly accurate for content storage, but publishing necessarily sends content to third‑party platform APIs — not to unknown endpoints.
Persistence & Privilege
Skill does not request always:true or unusual privileges. It stores its own data under a local data directory and accesses the user-specified Obsidian vault; it does not declare modifications to other skills or system-wide settings.
Assessment
This skill appears to do what it says: manage, adapt, and publish content and integrate with an Obsidian vault. Before installing, verify a few things: (1) ensure you have Python 3 available (SKILL.md runs python3 but required‑binaries is not set); (2) only provide platform tokens (CE_* variables) for services you intend to use — these are sensitive credentials used to publish; (3) inspect scripts/publisher.py and metrics_collector.py (not fully shown here) to confirm which external endpoints are contacted and whether any telemetry/third‑party URLs are present; (4) set CE_OBSIDIAN_VAULT_PATH carefully so the skill only reads the intended notes; (5) be aware paid features (scheduling, WeChat publish, metrics) are gated by subscription logic in the code. If you need higher assurance, ask the maintainer for a homepage or source repo, and review the publisher/metrics code paths for network calls and destination URLs.Like a lobster shell, security has layers — review code before you run it.
content-creationvk97e1mpmhpbjk4xz5hr741nkex837kmvcross-platformvk97e1mpmhpbjk4xz5hr741nkex837kmvlatestvk97e1mpmhpbjk4xz5hr741nkex837kmvmarketingvk97e1mpmhpbjk4xz5hr741nkex837kmvobsidianvk97e1mpmhpbjk4xz5hr741nkex837kmvsocial-mediavk97e1mpmhpbjk4xz5hr741nkex837kmv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.