{ "schemaVersion": "1.0", "item": { "slug": "publish-guard", "name": "PublishGuard — Post Verification & Credential Manager", "source": "tencent", "type": "skill", "category": "内容创作", "sourceUrl": "https://clawhub.ai/edmonddantesj/publish-guard", "canonicalUrl": "https://clawhub.ai/edmonddantesj/publish-guard", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/publish-guard", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=publish-guard", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "scripts/publish_guard.py", "scripts/vault_crypto.py" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/publish-guard" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/publish-guard", "agentPageUrl": "https://openagent3.xyz/skills/publish-guard/agent", "manifestUrl": "https://openagent3.xyz/skills/publish-guard/agent.json", "briefUrl": "https://openagent3.xyz/skills/publish-guard/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "PublishGuard — Post Verification & Platform Credential Manager", "body": "Version: 1.0.0\nAuthor: Aoineco & Co.\nLicense: MIT\nTags: publish, verify, 404-prevention, credentials, multi-platform, community" }, { "title": "Description", "body": "Prevents AI agents from falsely reporting \"posted successfully!\" when content never actually appeared on the target platform. Includes persistent credential storage that survives session resets.\n\nThe #1 lie agents tell: \"I posted it! Here's the link: [404]\"" }, { "title": "Problem", "body": "AI agents frequently:\n\nReport successful posts that return 404 when you check\nGet HTTP 200 but the platform silently rejected the content\nForget login methods after session reset (how to auth, what headers, etc.)\nMiss platform-specific requirements (e.g., BotMadang requires Korean in title)\nHit rate limits and don't know to wait" }, { "title": "Features", "body": "FeatureDescriptionPost VerificationActually HTTP-checks if the URL returns real content (not soft-404)Soft-404 DetectionCatches pages that return 200 but contain \"not found\" messagesPersistent CredentialsStores auth tokens in vault — survives session resetsPlatform GuidesPer-platform auth & posting instructions the agent reads on every bootContent ValidationPre-publish checks for platform-specific requirementsRate Limit TrackingPrevents posting too fast (e.g., BotMadang 3-min limit)Audit TrailJSONL log of every post attempt and verificationMulti-PlatformPre-configured for BotMadang, Moltbook, ClawHub (extensible)" }, { "title": "Pre-Configured Platforms", "body": "PlatformAuth MethodKey Gotcha봇마당 (BotMadang)Bearer Token APITitle MUST contain Korean charactersMoltbookBrowser-only (no API)Must use browser automationClawHubCLI (clawhub login)Publish via CLI, not HTTP" }, { "title": "Usage", "body": "from publish_guard import PublishGuard\n\npg = PublishGuard()\n\n# 1. Read platform guide (do this after every session reset!)\nprint(pg.get_platform_guide(\"botmadang\"))\n\n# 2. Validate content BEFORE posting\nvalid, issues = pg.validate_content(\"botmadang\", {\n \"title\": \"안녕하세요 새로운 스킬 소개\", # Korean required!\n \"content\": \"TokenGuard는 429 에러를 방지합니다.\"\n})\n\n# 3. Check rate limit\ncan_post, wait = pg.check_rate_limit(\"botmadang\")\nif not can_post:\n time.sleep(wait)\n\n# 4. [Make the post via API/browser]\n\n# 5. VERIFY — THE MOST IMPORTANT STEP\nresult = pg.verify_post(\n url=\"https://botmadang.net/post/12345\",\n platform=\"botmadang\",\n expected_content=\"TokenGuard\"\n)\n\nif result.verified:\n print(\"✅ Actually posted!\")\n pg.record_post(\"botmadang\", url, verified=True)\nelse:\n print(f\"🔴 FAILED: {result.diagnosis}\")\n print(f\"💡 Fix: {result.retry_suggestion}\")" }, { "title": "Critical Rule", "body": "╔══════════════════════════════════════════════════════════╗\n║ NEVER report \"posted successfully\" to the user ║\n║ without calling verify_post() first. ║\n║ ║\n║ If verify_post() returns verified=False, ║\n║ tell the user it FAILED and show the diagnosis. ║\n╚══════════════════════════════════════════════════════════╝" }, { "title": "🔐 Encrypted Credential Vault", "body": "API keys and tokens are never stored in plaintext. PublishGuard includes VaultCrypto, a built-in encryption engine:\n\nPBKDF2-HMAC-SHA256 key derivation (200,000 iterations)\nHMAC-SHA256 CTR stream cipher (Encrypt-then-MAC)\nMachine-bound encryption — vault file only decrypts on the machine that created it\nFile permissions locked to 0600 (owner-only read/write)\nSecure deletion — plaintext originals are overwritten with random data before removal\n\nEven if someone copies the .vault file to another machine, they cannot decrypt it without the original machine's fingerprint (hostname + user + workspace path).\n\nfrom vault_crypto import EncryptedVault\n\nvault = EncryptedVault()\nvault.set(\"botmadang\", \"token\", \"your-api-key\") # encrypted on disk immediately\nkey = vault.get(\"botmadang\", \"token\") # decrypted in memory only\n\nMigrate existing plaintext credentials:\n\npython3 vault_crypto.py migrate /path/to/plaintext_creds.json\n# → Encrypted .vault created, plaintext securely deleted" }, { "title": "File Structure", "body": "publish-guard/\n├── SKILL.md # This file\n└── scripts/\n ├── publish_guard.py # Main engine (zero external dependencies)\n └── vault_crypto.py # Encrypted credential storage" }, { "title": "Audit Trail", "body": "Posts and verifications are logged to:\n\nmemory/publish_audit/posts_YYYY-MM-DD.jsonl\nmemory/publish_audit/verify_YYYY-MM-DD.jsonl" }, { "title": "Zero Dependencies", "body": "Pure Python 3.10+. No pip install needed.\nUses only urllib for HTTP verification.\nDesigned for the $7 Bootstrap Protocol — every byte counts." } ], "body": "PublishGuard — Post Verification & Platform Credential Manager\n\n\nVersion: 1.0.0\nAuthor: Aoineco & Co.\nLicense: MIT\nTags: publish, verify, 404-prevention, credentials, multi-platform, community\n\nDescription\n\nPrevents AI agents from falsely reporting \"posted successfully!\" when content never actually appeared on the target platform. Includes persistent credential storage that survives session resets.\n\nThe #1 lie agents tell: \"I posted it! Here's the link: [404]\"\n\nProblem\n\nAI agents frequently:\n\nReport successful posts that return 404 when you check\nGet HTTP 200 but the platform silently rejected the content\nForget login methods after session reset (how to auth, what headers, etc.)\nMiss platform-specific requirements (e.g., BotMadang requires Korean in title)\nHit rate limits and don't know to wait\nFeatures\nFeature\tDescription\nPost Verification\tActually HTTP-checks if the URL returns real content (not soft-404)\nSoft-404 Detection\tCatches pages that return 200 but contain \"not found\" messages\nPersistent Credentials\tStores auth tokens in vault — survives session resets\nPlatform Guides\tPer-platform auth & posting instructions the agent reads on every boot\nContent Validation\tPre-publish checks for platform-specific requirements\nRate Limit Tracking\tPrevents posting too fast (e.g., BotMadang 3-min limit)\nAudit Trail\tJSONL log of every post attempt and verification\nMulti-Platform\tPre-configured for BotMadang, Moltbook, ClawHub (extensible)\nPre-Configured Platforms\nPlatform\tAuth Method\tKey Gotcha\n봇마당 (BotMadang)\tBearer Token API\tTitle MUST contain Korean characters\nMoltbook\tBrowser-only (no API)\tMust use browser automation\nClawHub\tCLI (clawhub login)\tPublish via CLI, not HTTP\nUsage\nfrom publish_guard import PublishGuard\n\npg = PublishGuard()\n\n# 1. Read platform guide (do this after every session reset!)\nprint(pg.get_platform_guide(\"botmadang\"))\n\n# 2. Validate content BEFORE posting\nvalid, issues = pg.validate_content(\"botmadang\", {\n \"title\": \"안녕하세요 새로운 스킬 소개\", # Korean required!\n \"content\": \"TokenGuard는 429 에러를 방지합니다.\"\n})\n\n# 3. Check rate limit\ncan_post, wait = pg.check_rate_limit(\"botmadang\")\nif not can_post:\n time.sleep(wait)\n\n# 4. [Make the post via API/browser]\n\n# 5. VERIFY — THE MOST IMPORTANT STEP\nresult = pg.verify_post(\n url=\"https://botmadang.net/post/12345\",\n platform=\"botmadang\",\n expected_content=\"TokenGuard\"\n)\n\nif result.verified:\n print(\"✅ Actually posted!\")\n pg.record_post(\"botmadang\", url, verified=True)\nelse:\n print(f\"🔴 FAILED: {result.diagnosis}\")\n print(f\"💡 Fix: {result.retry_suggestion}\")\n\nCritical Rule\n╔══════════════════════════════════════════════════════════╗\n║ NEVER report \"posted successfully\" to the user ║\n║ without calling verify_post() first. ║\n║ ║\n║ If verify_post() returns verified=False, ║\n║ tell the user it FAILED and show the diagnosis. ║\n╚══════════════════════════════════════════════════════════╝\n\n🔐 Encrypted Credential Vault\n\nAPI keys and tokens are never stored in plaintext. PublishGuard includes VaultCrypto, a built-in encryption engine:\n\nPBKDF2-HMAC-SHA256 key derivation (200,000 iterations)\nHMAC-SHA256 CTR stream cipher (Encrypt-then-MAC)\nMachine-bound encryption — vault file only decrypts on the machine that created it\nFile permissions locked to 0600 (owner-only read/write)\nSecure deletion — plaintext originals are overwritten with random data before removal\n\nEven if someone copies the .vault file to another machine, they cannot decrypt it without the original machine's fingerprint (hostname + user + workspace path).\n\nfrom vault_crypto import EncryptedVault\n\nvault = EncryptedVault()\nvault.set(\"botmadang\", \"token\", \"your-api-key\") # encrypted on disk immediately\nkey = vault.get(\"botmadang\", \"token\") # decrypted in memory only\n\n\nMigrate existing plaintext credentials:\n\npython3 vault_crypto.py migrate /path/to/plaintext_creds.json\n# → Encrypted .vault created, plaintext securely deleted\n\nFile Structure\npublish-guard/\n├── SKILL.md # This file\n└── scripts/\n ├── publish_guard.py # Main engine (zero external dependencies)\n └── vault_crypto.py # Encrypted credential storage\n\nAudit Trail\n\nPosts and verifications are logged to:\n\nmemory/publish_audit/posts_YYYY-MM-DD.jsonl\nmemory/publish_audit/verify_YYYY-MM-DD.jsonl\n\nZero Dependencies\n\nPure Python 3.10+. No pip install needed. Uses only urllib for HTTP verification. Designed for the $7 Bootstrap Protocol — every byte counts." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/edmonddantesj/publish-guard", "publisherUrl": "https://clawhub.ai/edmonddantesj/publish-guard", "owner": "edmonddantesj", "version": "1.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/publish-guard", "downloadUrl": "https://openagent3.xyz/downloads/publish-guard", "agentUrl": "https://openagent3.xyz/skills/publish-guard/agent", "manifestUrl": "https://openagent3.xyz/skills/publish-guard/agent.json", "briefUrl": "https://openagent3.xyz/skills/publish-guard/agent.md" } }