social-auto-tool-builder-1.1.0
v1.1.0复用“小红书自动回复项目”实战经验,快速构建新的本地AI自动化工具(含多平台选择器映射模板)
⭐ 1· 635·1 current·1 all-time
by范士轶@cruciata
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, and skill.yaml all describe building a local AI + Playwright auto-responder and the instructions only reference Playwright, local Ollama, packaging to EXE, selector templates and dry-run vs send flows — these are coherent and expected for that purpose.
Instruction Scope
SKILL.md explicitly instructs reading DOM/snippets/screenshots to calibrate selectors, running dry-runs, and then performing sends; it does not instruct the agent to read unrelated system files or exfiltrate secrets. It does reference checking a local Ollama HTTP endpoint (127.0.0.1) and using persistent_context for browser login state, which is appropriate for the stated functionality.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. The SKILL.md suggests using common package installs (pip, playwright install) and EXE packaging tools; nothing is pulled from arbitrary URLs in the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The only runtime network reference is to localhost:11434 (local Ollama), which matches the stated use of a local model. No unrelated tokens or secrets are requested.
Persistence & Privilege
Skill flags are default (not always:true). It does not request persistent platform-wide privileges or instruct modification of other skills or agent-wide configs. It does suggest storing browser login state (persistent_context) which is expected for an automation tool that must act as a logged-in user.
Assessment
This skill appears coherent with its stated goal of producing a local Playwright + Ollama auto-responder. Before using or following its instructions: 1) Understand that the resulting tool will automate actions as your logged-in browser user — test carefully in dry-run mode and on non-production accounts to avoid policy/ToS violations. 2) The skill assumes you run a local Ollama server (127.0.0.1:11434) and have Playwright/browser binaries installed; ensure those are legitimate and up-to-date. 3) The skill itself asks for no secrets, but the tools you build may require login cookies or credentials stored in the browser profile — keep those local and secure. 4) When packaging an EXE, verify the build scripts and any bundled files yourself to avoid accidentally including sensitive data. If you want a higher-assurance review, provide the actual automation code (auto_responder_production.py, build_exe.ps1, requirements.txt) so those files can be inspected for unsafe behavior (remote endpoints, credential capture, obfuscated operations).Like a lobster shell, security has layers — review code before you run it.
latestvk9767pef4w5hcgyxx3a6yv00358353fe
License
MIT-0
Free to use, modify, and redistribute. No attribution required.