ClawHub

Openclaw Creator Setup

v3.0.1

OpenClaw 内容创作者快速配置工具。帮助内容创作者检测环境、配置平台、管理工作流。 **当以下情况时使用此 Skill**: (1) 用户想要配置内容创作者环境 (2) 检查飞书授权和 Skills 安装状态 (3) 配置发布平台(微信、微博、抖音等) (4) 创建或管理工作流模板 (5) 用户提到"内容创...

0· 60·0 current·0 all-time
by@rfdiosuao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description and runtime instructions align: the skill checks Feishu auth, enumerates installed Skills, configures publishing platforms, and manages workflows. The declared tool calls (feishu_get_user, agents_list, sessions_spawn, subagents, message) are coherent with these goals.
Instruction Scope
SKILL.md stays within the creator-setup scope (check auth, list skills, create workflows, save platform configs). It references saving platform configuration and requiring platform API authorizations but does not specify storage locations or data retention—ask the author where credentials/configs are stored and what data is persisted.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by the skill itself, which minimizes install risk.
Credentials
Manifest lists no required env vars or credentials, but the skill explicitly relies on Feishu authorization and platform API credentials at runtime. This is proportionate to its purpose, but you should verify what existing agent-level tokens or external platform credentials it will use and where those are stored.
Persistence & Privilege
always is false and the skill is user-invocable (normal). It can spawn subagents (sessions_spawn, subagents), which grants it the ability to create/manage child agents—this is expected for workflow management but warrants review of what permissions those spawned subagents inherit.
Assessment
This skill appears coherent for configuring a creator environment, but before installing: 1) verify the skill's source/repository and author (confirm the GitHub/ClawHub links are trustworthy); 2) confirm what Feishu scopes/tokens the skill will check or use and where platform API credentials (Wechat/Weibo/Douyin/etc.) would be stored; 3) ask how long any saved configs/credentials are retained and who can access them; 4) review the permissions and capabilities of any subagents the skill might spawn (to ensure they don't get more access than necessary); and 5) if anything is unclear, request the author to document storage locations and token handling before granting platform-level credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk974y5d8s3rbh8n41j1knmq32d84hmyx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments