ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Social Media Manager

v1.0.1

AI驱动的社交媒体管理工具,自动生成内容日历,推荐最佳发布时间,智能互动回复及表现分析优化。

0· 235·0 current·0 all-time
by@lvjunjie-byte·duplicate of @lvjunjie-byte/ai-social-media-manager

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lvjunjie-byte/ai-social-media-manager-lvjunjie.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Ai Social Media Manager" (lvjunjie-byte/ai-social-media-manager-lvjunjie) from ClawHub.
Skill page: https://clawhub.ai/lvjunjie-byte/ai-social-media-manager-lvjunjie
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ai-social-media-manager-lvjunjie

ClawHub CLI

Package manager switcher

npx clawhub@latest install ai-social-media-manager-lvjunjie
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description (social media posting, replies, analytics) reasonably require platform credentials; however the registry metadata declares no required env vars or config paths while the SKILL.md and README explicitly instruct the user to add platform credentials (username/password, cookie, API keys) to TOOLS.md. That discrepancy (tool asking for credentials but metadata not declaring them) is incoherent and worth flagging.
!
Instruction Scope
SKILL.md/README instruct the user to place sensitive credentials (cookies, passwords, API keys, access tokens) into a TOOLS.md file. The instructions do not declare how those secrets are stored or protected beyond a claim of 'encrypted storage' in README. The runtime instructions also reference connecting platforms and using those secrets for posting/replying; although the included adapters are currently stubs that return mock data, the instructions give explicit guidance to collect and store credentials — this expands scope into handling sensitive secrets and is not surfaced in the skill metadata.
Install Mechanism
No install spec is provided (instruction-only install via 'clawhub install' is documented), which is low-risk in itself. However this package includes multiple JS source files (cli, adapters, engine). The lack of an explicit install script/spec in the registry metadata is a minor mismatch but not inherently dangerous — installation will write bundled code to disk when the package is installed.
!
Credentials
The skill asks for high‑sensitivity secrets (cookies, platform passwords, API keys, access tokens) in its README/SKILL.md but the declared requirements list none (no required env vars, no required config paths). That omission prevents automated policy checks and is disproportionate: asking for many unrelated secrets without declaring them in metadata reduces transparency and increases risk of accidental credential exposure.
Persistence & Privilege
The skill does not request always:true or elevated platform privileges. It is user-invocable and allows normal autonomous invocation (default), which is expected. There is no code that modifies other skills or agent-wide settings in the bundle.
What to consider before installing
This package implements the advertised features in local JS code and currently uses mock/stubbed adapters, but its documentation tells you to add sensitive platform credentials (cookies, passwords, API keys, access tokens) into a TOOLS.md file — and the skill metadata does not declare those config paths or required secrets. Before installing or providing secrets: (1) avoid putting real credentials into plaintext project files (TOOLS.md) — prefer OS secret stores or environment variables; (2) inspect/verify how credentials are used and stored (search for any network calls, remote endpoints, or encryption code); (3) run the package in a sandboxed environment first and review runtime behavior (network connections, outbound endpoints); (4) ask the maintainer to clarify where credentials are stored and to update metadata to declare required config/credentials; and (5) if you must test, use test accounts / limited-permission tokens rather than your primary accounts.

Like a lobster shell, security has layers — review code before you run it.

latestvk977g2d168gqmekpeae60p0q05839tcm
235downloads
0stars
1versions
Updated 6h ago
v1.0.1
MIT-0
@lvjunjie-byte
latest
Download

AI-Social-Media-Manager Skill

AI 驱动的社交媒体管理技能,自动化内容创作、发布和优化。

功能

  • 📅 内容日历自动生成 - 基于行业趋势和受众分析生成月度内容计划
  • 最佳发布时间推荐 - 分析受众活跃度,推荐最优发布时段
  • 💬 自动回复和互动 - 智能回复评论、私信,提升互动率
  • 📊 表现分析和优化 - 追踪关键指标,提供优化建议

支持平台

  • Twitter/X
  • 小红书
  • 微博
  • LinkedIn
  • Instagram
  • 微信公众号

安装

clawhub install ai-social-media-manager

使用示例

生成内容日历

ai-smm calendar generate --platform xiaohongshu --month 2026-03 --topic "科技产品评测"

获取最佳发布时间

ai-smm schedule best-time --platform weibo --audience "18-35 岁科技爱好者"

自动回复评论

ai-smm engage auto-reply --post-id "xxx" --tone "友好专业"

分析表现

ai-smm analytics report --period "last_30_days" --platforms "xiaohongshu,weibo"

配置

TOOLS.md 中添加社交媒体账号配置:

### Social Media

- xiaohongshu: {username: "xxx", cookie: "xxx"}
- weibo: {username: "xxx", password: "xxx"}
- twitter: {api_key: "xxx", api_secret: "xxx"}

定价

$99/月 - 包含所有平台无限次使用

API 参考

详见 src/README.md

Comments

Loading comments...