📦 ZeeLin AI Twitter博主信息简报 — AI博主简报
v1.0.0一键抓取指定AI博主近10天推文,智能提炼要点并生成中英双语高信号简报,自动发布到用户X账号,让信息获取与分享零门槛。
0· 145·0 当前·0 累计
by @kelcey2023下载技能包
最后更新
2026/3/29
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears to do exactly what it says (scrape recent tweets, summarize, and post), but check two things before installing: 1) Confirm you trust the referenced 'ZeeLin Twitter/X AutoPost' and 'agent-browser' skills—they will handle login/posting and may hold your tokens. 2) Ask the author why the skill needs to read files under ~/.openclaw/workspace/skills; reading other skills' files is not required to scrape or summarize and could expose unrelated sensitive data. If you proceed, require...详细分析 ▾
ℹ 用途与能力
The described workflow (use a browser-driven scraper to fetch recent tweets, produce a Chinese briefing, extract an English tweet, and delegate posting to a Twitter/X autopost skill) is internally consistent for the stated goal. It does not request credentials itself and relies on an autopost skill for publishing, which is a reasonable delegation. However, the SKILL.md explicitly points to local filesystem paths for other skills (~/.openclaw/workspace/skills/...), which is not strictly required to perform the described workflow and is disproportionate to the minimal needs of a summarization/posting pipeline.
⚠ 指令范围
Instructions tell the agent to open creators' pages with agent-browser and scrape up to 20 tweets per account (normal for browser-based scraping). They also instruct the agent to read SKILL.md files of other skills by absolute path. Directly reading other skills' files (even if SKILL.md) expands scope beyond the described task and could expose unrelated configuration or secrets. The skill does state it will ask for user confirmation before posting unless user granted 'auto' permission, which is a good control.
✓ 安装机制
Instruction-only skill with no install spec and no code files—lowest install risk. Nothing is downloaded or written by an installer.
ℹ 凭证需求
The skill requests no environment variables or credentials itself, which is plausible because it delegates posting to a separate autopost skill. That delegation is acceptable if the autopost skill manages credentials. However, the explicit instruction to read other skills' files raises a credential-proportionality concern: those files might reference tokens or contain sensitive config; reading arbitrary skill directories is not justified by the stated purpose.
✓ 持久化与权限
always is false and there is no indication the skill attempts to persist itself or modify other skills' configs. Autonomous invocation is allowed by default (disable-model-invocation false), which is normal for skills but increases the importance of the other concerns noted above.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/29
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install ai-twitter-briefing
镜像加速npx clawhub@latest install ai-twitter-briefing --registry https://cn.longxiaskill.com