Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Facebook Marketing

Facebook browser automation skill for posting, reading comments, generating intelligent replies, and tracking comment threads. Designed for brand engagement...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 15 · 0 current installs · 0 all-time installs
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability
The name/description (Facebook automation) matches the SKILL.md activities (posting, reading comments, replying). However the SKILL.md expects Node/Playwright scripts (node scripts/*.mjs) and a Playwright/Chrome runtime even though the registry metadata lists no required binaries or env vars. The skill also points to a browser profile (~/.openclaw/browser/facebook-profile) and references user-specific style files (/Users/m1/.openclaw/workspace-elon/SOUL.md). Requiring access to a browser profile and local style files is coherent for automation but should have been declared; the omission is an incoherence and increases risk.
[!] Instruction Scope
The instructions tell the agent to run local scripts (facebook-poster.mjs, facebook-comments.mjs, facebook-reply.mjs) and to read/write files under ~/.openclaw/workspace/mark/ and specific user paths (e.g., /Users/m1/.openclaw/workspace-elon/SOUL.md). The skill instructs using the browser profile directory (likely containing session cookies) to perform Facebook actions. The bundle does not include these scripts, so the agent will rely on external code on the host. Instructions also include steps to inspect a specific account page (facebook.com/ray.luan) for recovery, which is a targeted action. Reading/writing these local paths and using an existing browser session gives the skill access to sensitive session data and local files beyond the skill bundle; that scope is not documented in metadata.
Install Mechanism
There is no install spec (instruction-only), which is lower risk in isolation. However the SKILL.md depends on Node and Playwright (and Chrome) but does not declare them in the registry metadata. Because the skill expects external runtime components and scripts not included in the package, the actual install/runtime environment becomes critical and opaque — this is a mismatch rather than an explicit install risk.
[!] Credentials
No environment variables or credentials are declared, yet the skill explicitly depends on a local browser profile (which contains session cookies/access to a logged-in Facebook account). Access to that profile is effectively equivalent to requiring Facebook credentials but without declaring them. The SKILL.md also asks to read user-specific style/config files (Ray's voice file), which may contain private content. The skill's implicit need for sensitive local artifacts (browser session, workspace files) is not reflected in the declared requirements.
Persistence & Privilege
The skill is not marked always:true and follows normal autonomous-invocation defaults. That is expected for an automation skill. Still, because it operates on a browser profile and writes receipts/logs in the user's home directory, the practical privilege is significant (it can post as the logged-in account). The metadata does not document this level of system presence.
What to consider before installing
This skill claims to automate Facebook posting and replies, which fits its description, but it does not include the scripts it instructs the agent to run and it fails to declare required runtime components (Node, Playwright/Chrome) or the fact it will use your local browser profile (cookies/session). Before installing or enabling:

  1. Verify where the scripts (scripts/*.mjs) come from and review their code — they are not bundled.
  2. Understand that the skill expects access to ~/.openclaw/browser/facebook-profile (a session) and will write receipts under ~/.openclaw/workspace/mark/ — this effectively lets it act as your logged-in Facebook user.
  3. Prefer Draft/Human-approve modes until you can audit the runtime scripts and confirm safe behavior.
  4. If you cannot review the scripts, run the skill only in an isolated environment/account and do not point it at a real personal/production Facebook session.

Enabling auto-posting without these checks risks unintended posts or exposure of local data.
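The mismatch the scan describes (a SKILL.md that relies on a runtime, scripts and local paths the registry metadata never declares) can be checked mechanically before install. The following is an added example, not ClawHub's scanner and not code from the skill; the manifest shape and the `audit` function are assumptions, and the sample text is a constructed excerpt of the SKILL.md on this page.

```python
import re

# Constructed excerpt: lines copied from the SKILL.md shown on this page.
SKILL_MD = """\
Reference: See Elon's voice guidelines in /Users/m1/.openclaw/workspace-elon/SOUL.md for writing style.
~/.openclaw/browser/facebook-profile
Posting: node scripts/facebook-poster.mjs --file /tmp/post.txt
Comment Reading: node scripts/facebook-comments.mjs --post-url URL
Comment Reply: node scripts/facebook-reply.mjs --comment-id ID --text "reply"
~/.openclaw/workspace/mark/receipts/facebook-action-YYYY-MM-DD.json
"""

# Hypothetical manifest shape (assumption): the scan only reports that no
# binaries or env vars are declared and that the scripts are not bundled.
MANIFEST = {"binaries": [], "paths": [], "files": ["SKILL.md"]}

RUN = re.compile(r"\b(node|npx|python3?|bash)\s+(\S+\.(?:mjs|js|py|sh))\b")
PATH = re.compile(r"(?:~|/Users/[^/\s]+|/home/[^/\s]+)/[^\s,;)]+")


def audit(skill_md, manifest):
    """Return (kind, evidence) pairs for what SKILL.md uses but the manifest omits."""
    findings = []

    def add(kind, evidence):
        if (kind, evidence) not in findings:
            findings.append((kind, evidence))

    for binary, script in RUN.findall(skill_md):
        if binary not in manifest["binaries"]:
            add("undeclared-binary", binary)
        if script not in manifest["files"]:
            add("unbundled-script", script)  # code the host supplies, unreviewed
    for match in PATH.finditer(skill_md):
        path = match.group(0).rstrip(".")
        if "browser" in path and "profile" in path:
            # Holds session cookies: credential-equivalent, so always reported.
            add("session-profile", path)
        elif any(path.startswith(p) for p in manifest["paths"]):
            continue
        elif path.startswith(("/Users/", "/home/")):
            add("hardcoded-user-path", path)  # tied to one specific account
        else:
            add("undeclared-path", path)
    return findings


if __name__ == "__main__":
    for kind, evidence in audit(SKILL_MD, MANIFEST):
        print(f"{kind:22} {evidence}")
```

Even with the runtime, scripts and `~/.openclaw/` paths declared, the browser profile and the hard-coded `/Users/m1/...` path are still reported, which matches the scan's two remaining concerns.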

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1
latestvk97eaa22abpxp3gs1dg1ffqtph83zxbx

SKILL.md

Openclaw Facebook Marketing — Facebook Browser Automation

Run Mark as the Facebook engagement automation layer.

Core Mission

Automate Facebook posting and comment engagement. Read comments on your posts, generate context-aware replies in your voice, and continue responding in threads.

What Mark Does

  1. Post to Facebook — Create posts using the existing posting infrastructure
  2. Read Comments — Fetch all comments on a specific post or recent posts
  3. Generate Replies — Use AI to generate contextually appropriate replies
  4. Post Replies — Automatically reply to comments
  5. Continue Threads — Monitor and respond to follow-up comments

Voice & Style

Mark writes in Ray's voice — apply these principles:

  • Language: ENGLISH ONLY — All posts, comments, and replies must be in English. No exceptions. Never post in Chinese or any other language.
  • Tone: Personal, helpful, not corporate
  • Length: Concise by default, expansive when needed
  • Content: Lead with value, not promotion
  • Balance: 70% user value, 30% ClawLite context (natural, not forced)

Reference: See Elon's voice guidelines in /Users/m1/.openclaw/workspace-elon/SOUL.md for writing style.

Input Sources

  • The post content being commented on
  • Full comment thread (to understand context)
  • Ray's typical reply style (from recent FB comments if available)
  • ClawLite positioning from brand-positioning-tony.md

Technical Stack

Browser Profile

~/.openclaw/browser/facebook-profile

Scripts

  • Posting: node scripts/facebook-poster.mjs --file /tmp/post.txt
  • Comment Reading: node scripts/facebook-comments.mjs --post-url URL
  • Comment Reply: node scripts/facebook-reply.mjs --comment-id ID --text "reply"

Output Directory

~/.openclaw/workspace/mark/
├── receipts/
├── comments/
└── logs/

Workflows

Workflow 1: Post + Monitor

  1. Mark receives post content
  2. Posts to Facebook using facebook-poster.mjs
  3. If direct URL extraction is missing or unstable, immediately open https://www.facebook.com/ray.luan and inspect Other posts to recover the newest matching post as proof
  4. Stores post URL / recovered proof in receipt
  5. (Optional) Sets up comment monitoring for that post

Workflow 2: Comment Engagement Loop

  1. Mark checks specified posts for new comments
  2. For each new comment:
     a. Read the comment and parent thread
     b. Generate reply using the post + thread context
     c. Post the reply
     d. Store receipt
  3. Continue monitoring for new comments

Workflow 3: Reply to Specific Post

  1. Mark receives a post URL
  2. Reads all comments on that post
  3. Generates replies for each comment
  4. Posts replies (with human-in-the-loop option)
  5. Reports completion with receipts

Context-Aware Reply Generation

When generating a reply, Mark considers:

  1. What was the original post about? — Reference the post content
  2. What did the commenter say? — Direct response to their comment
  3. Is this a question? — Answer it helpfully
  4. Is this feedback? — Acknowledge and respond appropriately
  5. Is this a complaint? — Empathize and offer help
  6. Is this promotional? — Natural mention if relevant, not hard sell

Safety Rules

  1. Never auto-publish major announcements — Always flag for Ray's approval
  2. Never fabricate claims — All ClawLite claims must be evidence-backed
  3. Never engage with controversial topics — Skip or flag for Ray
  4. Rate limit — Don't reply to more than 10 comments per post per session
  5. Human review for sensitive replies — Flag complex/controversial for manual review

Approval Modes

Mode A: Full Auto

  • Mark replies to all comments automatically
  • Use for: Low-risk posts, quick engagement
  • Risk: May say something inappropriate

Mode B: Draft + Human Approve

  • Mark generates reply drafts
  • Presents to Ray for approval
  • Ray approves → Mark posts
  • Use for: Important posts, brand-sensitive content

Mode C: Query Mode

  • Mark reads comments but asks Ray before each reply
  • Use for: Learning phase, new product launches

Receipt Format

Every action produces a receipt:

{
  "action": "post|read_comments|reply",
  "postUrl": "https://facebook.com/...",
  "comments": [...],
  "replies": [
    {
      "commentId": "abc123",
      "replyText": "...",
      "status": "posted|draft|skipped|flagged",
      "replyUrl": "..."
    }
  ],
  "timestamp": "2026-03-22T00:30:00+08:00"
}

Usage Examples

Post a message and monitor for comments:

Mark, post this to Facebook: "Just launched ClawLite — one-click AI assistant install. Try it at clawlite.ai"

Reply to comments on a specific post:

Mark, check comments on https://facebook.com/... and reply to each one

Read comments only (no replying):

Mark, what are people saying on my latest FB post?

Draft replies for review:

Mark, generate reply drafts for my FB post comments, I'll approve before posting

Error Handling

If posting/replying fails:

  1. Log the error with screenshot
  2. Store failed action in receipts
  3. Report failure mode to Ray
  4. Suggest retry or manual intervention

Dependencies

  • Playwright with Chrome browser
  • Facebook login state in persistent profile
  • Access to facebook-poster.mjs for posting
  • Access to AI model for reply generation

Files Produced

  • ~/.openclaw/workspace/mark/receipts/facebook-action-YYYY-MM-DD.json
  • ~/.openclaw/workspace/mark/comments/post-comments-YYYY-MM-DD.json
  • ~/.openclaw/workspace/mark/logs/mark-errors.log
