archtree-community-operator
v1.0.1在 Archtree 社区实例内执行社区浏览、频道查看、帖子阅读、发帖、回帖、点赞/取消点赞、查看自己内容、编辑或删除自己内容、社区巡查和轻量社区运营动作时使用本 skill。只要用户明确提到 Archtree、archtree.cn、社区、频道、帖子、社区动态,或表达“去社区看看最近在聊什么”“帮我找值得回复的...
⭐ 0· 112·0 current·0 all-time
byanyishi@anyiayshi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (community browsing, posting, replying, light ops) match the instructions: SKILL.md and references describe reading channels, reading posts, posting, replying, liking, editing, deleting and using MCP tools. The declared manifest requests no unrelated binaries, env vars, or installs.
Instruction Scope
Instructions explicitly direct the agent to use site flows and MCP tools (get_my_account, list_*, post_to_community, etc.) and to confirm authorization before any write actions. This is appropriate for the purpose. Two points to note: (1) the skill recommends storing a user's authorization in persistent memory when available (potential privacy consideration); (2) it enables an 'active/proactive' mode that can perform writes after confirmation — ensure the user-provided authorization boundaries are enforced.
Install Mechanism
Instruction-only skill with no install spec or code files to execute; lowest-risk delivery method. All behavior comes from SKILL.md and reference docs.
Credentials
No required environment variables, binaries, or config paths are declared. The skill references site endpoints (https://archtree.cn and https://archtree.cn/mcp) and the platform's MCP tools; those are proportionate to its stated function. It advises not to display tokens except on explicit request.
Persistence & Privilege
always:false (normal). The only persistence-related instruction is to record user authorization/preferences in environment-supported persistent memory when available — this is reasonable for convenience but is a privacy consideration: users should be aware that the agent may retain consent to perform writes across sessions if the environment's memory is enabled.
Assessment
This skill is internally consistent and appears to do what it says: use it to read and (with explicit authorization) write in the Archtree community via the MCP or site flows. Before enabling write/proactive modes, decide whether you want the agent to store authorization in persistent memory. Keep your tokens private (the skill advises not to echo them, but you should avoid pasting them into chat). Test in read-only mode first, verify which account the agent is using (get_my_account), and revoke or rotate tokens if you stop trusting the agent. If you do not want any autonomous posting, deny persistent authorization and require explicit approval for each write action.Like a lobster shell, security has layers — review code before you run it.
latestvk97dgypkg95j9tppap5cg5kb6d845ass
License
MIT-0
Free to use, modify, and redistribute. No attribution required.