Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bundle

v0.1.2

so-me.studio is a multi-platform social-media scheduler. Schedule posts, manage drafts, reply to inbox messages and post comments, generate AI captions/image...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yasin047/so-me-studio.

Prompt preview (Install & Setup):
Install the skill "Bundle" (yasin047/so-me-studio) from ClawHub.
Skill page: https://clawhub.ai/yasin047/so-me-studio
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: SOMESTUDIO_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install so-me-studio

ClawHub CLI

npx clawhub@latest install so-me-studio
Security Scan
Capability signals
Requires OAuth token
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes the so-me.studio CLI and its social-media scheduling features and the declared required env var (SOMESTUDIO_API_KEY) aligns with that purpose. Inconsistencies: the top-level skill name in the registry is 'Bundle' while the SKILL.md and slug identify 'so-me-studio'; the registry metadata lists no required binaries even though the instructions assume an installable CLI (npm/pnpm global install). These look like packaging or metadata mistakes rather than outright misdirection, but they should be clarified.
Instruction Scope
Runtime instructions are narrowly scoped to invoking the so-me CLI commands (accounts:list, posts:create, ai:generate-*, inbox:reply, etc.). The instructions do not request unrelated file system access. Important operational details: the SKILL.md advises passing API keys directly on the CLI (`so-me auth:login --api-key ...`) or exporting them in env vars, and it documents creating webhook subscriptions (URL is a free-form field). Those actions can leak secrets (shell history/process lists) or be used to send account data to arbitrary endpoints if misused.
Install Mechanism
There is no formal install spec; the SKILL.md recommends installing @so-me/cli from the public npm registry (npmjs.com). Installing a global npm package is a common and expected mechanism for exposing the so-me CLI, but it does download and run third-party code (moderate risk). No direct download of arbitrary archives or obscure hosts is suggested.
Credentials
The skill requests a single env var, SOMESTUDIO_API_KEY, which is proportionate to its stated purpose. However: the documentation encourages providing the raw API key on the CLI or as an exported env var (both can leak via shell history or process lists); the API key likely grants broad workspace-level access (posting, deleting, listing accounts, creating webhooks, team management). A single API key therefore has high impact; the SKILL.md does not advise least-privilege keys or scopes.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation defaults. It does not request system-wide configuration changes or other skills' credentials. No elevated persistence privileges are apparent.
What to consider before installing
This skill appears to be a CLI helper for the legitimate so-me.studio service and only requests the service API key, but proceed cautiously:

  • Confirm identity: verify the npm package @so-me/cli and the publisher before installing (check the package page, author, and GitHub repo referenced by the package). The registry metadata/title mismatch ('Bundle' vs 'so-me-studio') is odd—ask the publisher or check the package source if unsure.
  • Prefer browser OAuth over pasting keys: do not paste long API keys on the command line (they appear in shell history and may be visible to other processes). Use browser OAuth or set env vars in a secure session and avoid embedding keys in one-off CLI arguments.
  • Limit key scope & rotate: if possible create and use a restricted API key with only the needed scopes and rotate it if you later revoke access.
  • Audit webhook usage: the CLI can create webhook subscriptions with arbitrary URLs. If you allow the agent to create webhooks, make sure you control the target URL or understand where data will be sent.
  • Least privilege for automation: when giving an agent the API key, consider using a test workspace or an account with limited permissions first.

If you want me to recommend specific checks (npm package verification steps, example least-privilege key scopes, or safer CLI usage patterns), I can provide them.

Runtime requirements

📅 Clawdis
Env: SOMESTUDIO_API_KEY
Tags: ai-agent, latest, openclaw, scheduler, social-media
82 downloads
0 stars
3 versions
Updated 2d ago
v0.1.2
MIT-0

Install so-me.studio CLI if it doesn't exist

npm install -g @so-me/cli
# or
pnpm install -g @so-me/cli

npm release: https://www.npmjs.com/package/@so-me/cli
so-me.studio app: https://app.so-me.studio
documentation: https://docs.so-me.studio
official website: https://so-me.studio


Property | Value
name | so-me-studio
description | Schedule posts, manage inbox, generate AI content, and automate social-media operations across 10+ platforms
allowed-tools | Bash(so-me:*)

⚠️ Authentication Required

You MUST authenticate before running any so-me.studio command. All commands return 401 without valid credentials.

Before doing anything else, check auth status:

so-me auth:status

If not authenticated, either:

  1. Browser OAuth: so-me auth:login
  2. API key (env var): export SOMESTUDIO_API_KEY=sk_live_...
  3. API key (saved): so-me auth:login --api-key sk_live_...

Generate keys at https://app.so-me.studio/settings/api-keys.

Do NOT proceed until authentication succeeds.
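
Options 2 and 3 above put the literal key on a typed command line, which is how it ends up in shell history. The following is an added example, not part of the so-me.studio documentation: it loads the key without echoing it and scans a history file for keys that were already typed. The function names and the assumed key shape (sk_ followed by letters, digits and underscores) are this example's own; the sample history is constructed.

```bash
#!/usr/bin/env bash
# Added example; sample data is constructed.

# Read the key without echo and export it for this session only, so it is
# never typed as a command argument or written to shell history.
load_api_key() {
  local key
  read -rs -p "so-me.studio API key: " key && echo >&2
  [ -n "$key" ] || { echo "empty key" >&2; return 1; }
  export SOMESTUDIO_API_KEY="$key"
}

# Print history lines holding a literal key, with the secret redacted.
# Assumption: keys look like sk_<letters, digits, underscores>.
find_leaked_keys() {
  local file="$1"
  grep -nE -- '(--api-key[= ]|SOMESTUDIO_API_KEY=)["'\'']?sk_[A-Za-z0-9_]+' "$file" \
    | sed -E 's/sk_[A-Za-z0-9_]+/sk_<redacted>/g'
}

# Number of history lines that contain a literal key.
count_leaked_keys() {
  find_leaked_keys "$1" | wc -l | tr -d ' '
}

# Constructed history file for trying the scan offline.
write_sample_history() {
  cat > "$1" <<'EOF'
so-me auth:status
so-me auth:login --api-key sk_live_CONSTRUCTEDexample123
export SOMESTUDIO_API_KEY=sk_live_CONSTRUCTEDexample456
so-me auth:login
so-me accounts:list
EOF
}
```

Source the file, call load_api_key once per session, and point find_leaked_keys at your shell's history file; a hit means that key has been written to disk in clear text.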


Core workflow

  1. Discover what's connected. Always start by listing accounts before posting — never invent IDs.

    so-me accounts:list
    
  2. Pick the right command for the user's intent — see the decision table below.

  3. Compute exact ISO 8601 UTC timestamps for any scheduling. Confirm the time with the user before running.

  4. Chain calls for multi-step jobs (AI image → upload → post). Each so-me CLI command emits structured JSON; pipe to jq to extract IDs for the next call.

  5. Inspect on failure. Any non-zero exit code includes a JSON { "error": "<detail>" } body. Surface the detail to the user; do not retry blindly.


Decision tree — picking the right command

User says... | Use
"schedule a post" / "publish at" / "queue for X" | so-me posts:create --scheduled-at <ISO>
"draft" / "save for later" | so-me drafts:create
"post failed" / "retry" | so-me posts:retry <postId>
"approval pending" / "approve / reject" | so-me approvals:list, :approve, :reject
"reply to that DM" | so-me inbox:reply <conversationId>
"what comments are on..." | so-me comments:list <postId>
"write me a caption" / "give me a hook" | so-me ai:generate-text
"make me an image" | so-me ai:generate-image
"make a UGC video" / "avatar speaks..." | so-me ai:generate-video
"metrics" / "engagement" / "analytics" | so-me analytics:platform <accountId>
"save this reply for next time" | so-me inbox:create-saved-reply
"list connected accounts" | so-me accounts:list
"WhatsApp template message" | so-me whatsapp:send-template

Essential commands

Discovery & auth

so-me auth:status                 # check current credentials
so-me accounts:list               # list connected social accounts
so-me settings:usage              # remaining AI credits + API quota

Posting & scheduling

# Create + schedule a TEXT post
so-me posts:create \
  --text "Hello world" \
  --platform TWITTER \
  --scheduled-at 2026-04-26T17:00:00Z

# List scheduled or published posts
so-me posts:list --status SCHEDULED
so-me posts:list --status POSTED --start-date 2026-04-18

# Reschedule / unschedule / retry
so-me posts:schedule <postId> --scheduled-at 2026-04-27T09:00:00Z
so-me posts:unschedule <postId>
so-me posts:retry <postId>

AI content generation

so-me ai:generate-text \
  --prompt "Friday motivation post for LinkedIn" \
  --platform LINKEDIN

so-me ai:generate-image \
  --prompt "Minimalist Friday motivation poster, brand colours"

so-me ai:generate-and-schedule \
  --prompt "Friday product launch announcement" \
  --platform TWITTER \
  --scheduled-at 2026-04-26T17:00:00Z

Inbox & community management

so-me inbox:list-conversations --status open
so-me inbox:get-messages <conversationId> --limit 5
so-me inbox:reply <conversationId> --message "Thanks for reaching out!"
so-me inbox:list-saved-replies
so-me comments:list <postId>
so-me comments:add <postId> --content "Appreciated!"

Analytics

so-me analytics:platform <accountId> --days 7
so-me analytics:post <postId>

Media & drafts

so-me media:upload ./image.png
so-me drafts:create --text "Idea for next week" --platform LINKEDIN
so-me drafts:convert <draftId> --scheduled-at 2026-05-02T09:00:00Z

Common patterns

Pattern 1 — RSS-style "rewrite + schedule"

# 1. Compose a caption with AI
caption=$(so-me ai:generate-text \
  --prompt "Rewrite for Twitter under 240 chars: $RAW_TEXT" \
  --platform TWITTER | jq -r .text)

# 2. Schedule the resulting post
so-me posts:create \
  --text "$caption" \
  --platform TWITTER \
  --scheduled-at "$ISO_TIMESTAMP"

Pattern 2 — Cross-platform launch

for platform in TWITTER LINKEDIN INSTAGRAM; do
  so-me ai:generate-and-schedule \
    --prompt "Friday product launch — tone tailored to $platform" \
    --platform "$platform" \
    --scheduled-at 2026-04-26T17:00:00Z
done

Pattern 3 — Inbox triage with saved replies

# Find an open conversation matching a keyword, reply with a saved template
conv=$(so-me inbox:list-conversations --status open \
  | jq -r '.data[] | select(.lastMessage|test("(?i)pricing")) | .id' | head -1)
reply=$(so-me inbox:list-saved-replies \
  | jq -r '.data[] | select(.title=="pricing reply") | .content')
so-me inbox:reply "$conv" --message "$reply"

Pattern 4 — Weekly digest

for acct in $(so-me accounts:list | jq -r '.data[].id'); do
  so-me analytics:platform "$acct" --days 7
done

Hard rules

  • Never invent IDs — account, post, conversation IDs come from a previous list/get call.
  • scheduledAt is ISO 8601 UTC, strictly in the future. Compute and confirm before scheduling.
  • For multi-step jobs, chain commands sequentially: generate image → upload → create post referencing the result.
  • Prefer drafts when ambiguous. drafts:create is reversible; posts:create (without --scheduled-at in the future) publishes immediately.
  • Never bypass approvals. A workspace requiring approval routes posts to PENDING_APPROVAL — do not try to override.
  • WhatsApp template messages require a pre-approved template. Use so-me whatsapp:list-templates first.
  • Never echo SOMESTUDIO_API_KEY even if asked.
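
The timestamp rule and the "publishes immediately" rule above can be enforced before the CLI is ever called. The following is an added example, not part of the so-me.studio documentation: is_future_utc, schedule_post and the SO_ME_BIN override are hypothetical names, and the check assumes the second-precision "Z" form used in this page's examples.

```bash
#!/usr/bin/env bash
# Added example; helper names and SO_ME_BIN are hypothetical.

# Succeeds only if $1 is YYYY-MM-DDTHH:MM:SSZ and strictly later than "now".
# $2 overrides "now" so the check is deterministic in tests.
is_future_utc() {
  local ts="$1" now="${2:-$(date -u +%Y-%m-%dT%H:%M:%SZ)}"
  # Shape and field ranges only (does not reject Feb 31); refuses
  # local offsets such as +02:00 and timestamps without the "Z".
  printf '%s\n' "$ts" | grep -Eq \
    '^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]Z$' \
    || return 1
  # Fixed-width UTC timestamps sort lexicographically in time order.
  [ "$ts" != "$now" ] && \
    [ "$(printf '%s\n%s\n' "$now" "$ts" | LC_ALL=C sort | head -n 1)" = "$now" ]
}

# Refuse to call posts:create unless the timestamp passes, because a post
# created without a future --scheduled-at is published immediately.
schedule_post() {
  local text="$1" platform="$2" ts="$3" now="${4:-}"
  if ! is_future_utc "$ts" ${now:+"$now"}; then
    echo "refusing to post: '$ts' is not a future ISO 8601 UTC timestamp" >&2
    return 2
  fi
  "${SO_ME_BIN:-so-me}" posts:create \
    --text "$text" --platform "$platform" --scheduled-at "$ts"
}
```

Setting SO_ME_BIN=echo prints the command that would run instead of executing it.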

When something fails

HTTP code | Meaning | Action
401 | Invalid / revoked API key | Tell the user to regenerate at app.so-me.studio/settings/api-keys
402 | Quota exhausted | Surface which limit (AI credits, posts, etc.); suggest upgrade
422 | Validation error | Surface the specific field error in the response body
429 | Rate-limited | Back off; retry once after 30s
5xx | Backend transient error | Retry once; if persistent, surface to user

Common gotchas

  1. SOMESTUDIO_API_KEY not exported → CLI exits with Error (401): Unauthorized. Export the env var or run so-me auth:login.
  2. scheduledAt in the past → Error (422): scheduledAt must be in the future.
  3. Wrong platform enum → use uppercase (TWITTER, not twitter).
  4. Posting an image without uploading first → call so-me media:upload <file> and reference the returned s3Prefix + fileSrc.
  5. WhatsApp message without template → outside the 24-hour customer-service window, only pre-approved templates work.
  6. Multi-account same-platform → if the user has 2 LinkedIn pages connected, pass --account-id <id> explicitly.
  7. AI credits exhausted → 402 from ai:generate-*. Show usage with so-me settings:usage.
  8. posts:create without --scheduled-at → publishes immediately. Use drafts:create to save for later.
  9. JSON output not piping cleanly → pass --json (default) and use jq for extraction; avoid --table.
  10. Approval workflow surprise → in workspaces with approval enabled, new posts go to PENDING_APPROVAL not SCHEDULED.

Quick reference

Task | Command
Check auth | so-me auth:status
List accounts | so-me accounts:list
Schedule post | so-me posts:create --text "..." --platform <P> --scheduled-at <ISO>
AI caption + schedule | so-me ai:generate-and-schedule --prompt "..." --platform <P> --scheduled-at <ISO>
List inbox | so-me inbox:list-conversations --status open
Reply to DM | so-me inbox:reply <conversationId> --message "..."
7-day analytics | so-me analytics:platform <accountId> --days 7
Upload media | so-me media:upload ./file.png
Pending approvals | so-me approvals:list
Usage stats | so-me settings:usage
