ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multi Platform Publisher Claw

v1.0.0

全平台内容自动分发与搜索排名优化专家。将内容(视频/图文)一键同步发布到抖音、小红书、视频号、B站、微博等多个平台,自动进行平台差异化适配(标题长度/话题标签/封面尺寸)、SEO关键词优化、最佳时间计算,并监控发布状态。 触发场景:用户说"发布内容"、"多平台发布"、"一键分发"、"自动发布"、"定时发布"、"S...

0· 82·0 current·0 all-time
byRicky@tujinsama

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tujinsama/multi-platform-publisher-claw.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Multi Platform Publisher Claw" (tujinsama/multi-platform-publisher-claw) from ClawHub.
Skill page: https://clawhub.ai/tujinsama/multi-platform-publisher-claw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install tujinsama/multi-platform-publisher-claw

ClawHub CLI

Package manager switcher

npx clawhub@latest install multi-platform-publisher-claw
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill promises one‑click publishing to multiple Chinese platforms but the included script only simulates posting (mock URLs) and contains TODOs for real API/selenium integration. The package declares no platform credentials or API endpoints even though publishing to these services normally requires per‑platform auth. This mismatch between claimed capability and actual code is incoherent.
!
Instruction Scope
SKILL.md instructs running scripts and says "需提前配置各平台账号(`.env` 文件)" but does not enumerate which environment variables or credential formats are expected. The runtime instructions are otherwise limited to adapting content and invoking the Python script; however the vague .env instruction gives the agent/user broad discretion to supply secrets later.
Install Mechanism
There is no install spec (lowest risk) but the script comments list runtime dependencies (selenium, requests) that are not declared or installed. Selenium implies additional setup (browser driver) which the skill does not document. No remote downloads or obscure URLs are present.
!
Credentials
The registry metadata lists no required environment variables or primary credential, yet SKILL.md tells users to configure platform accounts in a .env file. This omission is concerning because it is unclear which secrets the skill will need or how they will be used/stored, increasing the risk of accidental credential disclosure.
Persistence & Privilege
The skill does not request elevated or persistent privileges (always:false). It is user‑invocable and allows autonomous invocation by default (platform default). Because credential handling is ambiguous, autonomous invocation would widen impact if secrets are later requested — review credential handling before enabling autonomous actions.
What to consider before installing
Do not supply platform passwords or tokens until you know exactly which credentials are needed and how they are used. Specific recommendations: (1) Inspect the code yourself: note that publish-content.py currently only simulates posting and contains TODOs for real API/selenium integration. (2) Ask the author which environment variables (names/formats) the skill expects and whether it uses OAuth tokens or raw passwords. (3) If you must test, use non‑production accounts and run the script in an isolated environment (container or VM). (4) Expect to install selenium and a browser driver if automated web posting will be enabled. (5) Prefer skills that declare required env vars and use documented, OAuth‑style APIs rather than opaque .env password files. If you cannot obtain clarifications about credential handling and real API endpoints, treat this skill as incomplete/untrusted and avoid providing sensitive secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bbep2j3zxqb5b4rvxd0ttks858b5p
82downloads
0stars
1versions
Updated 6d ago
v1.0.0
MIT-0
Ricky@tujinsama
latest
Download

全平台自动分发虾 (multi-platform-publisher-claw)

工作流程

步骤 1:收集内容包 确认以下信息(缺失时向用户询问):

  • 内容文件:视频(MP4/MOV)或图文(Markdown/HTML)
  • 封面图片(JPG/PNG)
  • 标题和描述
  • 目标平台列表(默认全平台)
  • 发布时间(默认立即发布)

步骤 2:平台差异化适配 参考 references/platform-rules.md 对各平台进行内容适配。

步骤 3:SEO优化 参考 references/seo-optimization.md 优化关键词和话题标签。

步骤 4:确定发布时间 参考 references/best-posting-time.md,若用户未指定时间则推荐最佳时段。

步骤 5:执行发布 调用 scripts/publish-content.py 发布内容:

# 发布到所有平台(立即)
python3 scripts/publish-content.py --all --video video.mp4 --title "标题" --desc "描述"

# 定时发布
python3 scripts/publish-content.py --all --video video.mp4 --title "标题" --desc "描述" --schedule "2026-04-02 09:00"

# 发布到指定平台
python3 scripts/publish-content.py --platform douyin,bilibili --video video.mp4 --title "标题" --desc "描述"

步骤 6:汇总报告 发布完成后输出各平台发布状态(成功/失败/审核中)及内容链接。

注意事项

  • 小红书无官方API,通过自动化脚本发布,稳定性较低
  • 定时发布依赖服务持续运行
  • 失败自动重试最多3次
  • 需提前配置各平台账号(.env 文件)

Comments

Loading comments...