腾讯频道Skill
v1.1.2腾讯频道(QQ频道)社区管理 skill(CLI 版)。频道创建/设置/搜索/加入/退出,成员管理/禁言/踢人,帖子发布/编辑/删除/移动/搜索,评论/回复/点赞,版块管理,分享链接解析,频道私信,加入设置管理,内容巡检,问答自动回复。涉及腾讯频道、频道帖子、频道成员相关任务时应优先使用。
⭐ 3· 1k·6 current·6 all-time
by腾讯开源@tencent-adm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the SKILL.md: the skill is an instruction-only wrapper around a tencent-channel-cli CLI. Required operations (posting, member management, content inspection, link parsing) are implemented as CLI commands and documented. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
Instructions are focused on invoking tencent-channel-cli and include explicit rules for high-risk actions (require user confirmation before delete/kick/ban), link parsing, paginations, and media upload conventions. The SKILL.md does reference reading local media file paths (for image/video uploads) and running network HEAD requests to check updates — these are coherent for the stated purpose but mean the agent will access local files and make outbound HTTP requests when invoked.
Install Mechanism
No install spec is embedded in the package (instruction-only). The doc suggests using npm install -g tencent-channel-cli when the CLI is missing or out-of-date; that is a reasonable CLI installation path. Because the skill does not auto-download arbitrary archives or include an install script, installation risk is low, but installing global npm packages is a user action that should be verified.
Credentials
The skill declares no required environment variables or credentials. Runtime uses the CLI's own token setup (tencent-channel-cli token setup) to obtain credentials; this is proportionate. Note: credentials will be managed/stored by the CLI (outside the skill) so users should confirm where the CLI stores tokens and avoid pasting secrets into untrusted contexts. The SKILL.md explicitly forbids exposing QQ numbers and marks certain internal IDs as non-displayable, which is appropriate.
Persistence & Privilege
always:false and normal autonomous invocation are used. The skill documents safeguards for high-risk operations (explain impact, require user consent, add --yes). There is no request to modify other skills or system-wide settings. Allowing autonomous invocation is the platform default and is not alone a concern here.
Assessment
This is an instruction-only skill that expects the tencent-channel-cli to be available and will run that CLI to manage channels, posts, and members. Before installing or using it: (1) verify you trust the tencent-channel-cli package/source (the doc suggests npm and official connect.qq.com/GitHub links); (2) be prepared to provide CLI credentials interactively — understand where the CLI stores tokens on your system; (3) the agent may be asked to access local image/video file paths when uploading media — do not allow access to sensitive files; (4) the skill includes safeguards requiring explicit consent before destructive actions (delete/kick/ban), but always review any confirmation prompts carefully; (5) if you plan to enable autonomous agent actions, remember the agent can perform many operations via the CLI—limit autonomous permissions if you are uncomfortable. If you want a stricter posture, require explicit user confirmation for every high-impact command and do not allow automatic npm installs.Like a lobster shell, security has layers — review code before you run it.
latestvk971rcpfrmvv771863vqmeakbs84x8ap
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📢 Clawdis