shield_lock
金大哥
联系我们
返回 Skill 列表
extension
分类: 安全与合规无需 API Key

auto-reply

Instagram私信自动回复系统:监控、读取、回复私信,具备安全防注入功能。适用于检查Instagram私信及阅读未读消息等。

person作者: mupengi-bothubclawhub
open_in_new仓库download下载资源包

Instagram DM Auto-Reply 🐧

v2.js (Internal API) based. 0 browser snapshots, CDP cookie extraction → Instagram REST API direct calls.

Prerequisites

  • OpenClaw browser running (port 18800)
  • Instagram tab open and logged in
  • ws npm package (npm i -g ws or local)

Script List

| Script | Purpose | |--------|---------| | scripts/v2.js | DM CLI (inbox, unread, check, read, reply) | | scripts/auto-reply.js | Read dm-alert.json, security check, return reply metadata | | scripts/check-notify.js | Check new DM notifications (for cron, state file based) | | scripts/dm-watcher.js | Real-time DM detection daemon (15s polling) |

Core Workflows

1. Check DMs

node scripts/v2.js check        # unread count (lightest)
node scripts/v2.js unread       # unread DM list
node scripts/v2.js inbox        # full DM list

2. Read Messages

node scripts/v2.js read "<username>" -l 5

3. Reply

node scripts/v2.js reply "<username>" "message content"

On API failure, returns JSON with method: "use_browser" + threadUrl → fallback to browser tool.

4. Notification Check (cron integration)

node scripts/check-notify.js
  • If new DMs: outputs 📩 새 DM N건: ...
  • If none: outputs no_new
  • Uses state file dm-state.json to prevent duplicates

5. Auto-Reply Flow

node scripts/auto-reply.js
  1. Read dm-alert.json (created by dm-watcher)
  2. Run security check on each DM
  3. Return results: needs_reply / security_alert / skipped
  4. AI generates replies for needs_reply DMs → send via v2.js reply

6. Real-time Detection Daemon

node scripts/dm-watcher.js              # detection only
node scripts/dm-watcher.js --auto-reply  # includes Discord notification

Polls v2.js check every 15s. On new DM detection, writes dm-alert.json + Discord DM notification.

Security Check (Injection Rejection)

auto-reply.js's SECURITY_PATTERNS detects:

  • Prompt Injection: "ignore previous", "system prompt", "you are now", "act as", "pretend"
  • Jailbreak Attempts: "override", "jailbreak", "DAN mode", "bypass"
  • Sensitive Info Requests: "secret key", "private key", "seed phrase", "wallet address"
  • Code Execution Attempts: "execute command", "run script", "eval(", "rm -rf", "sudo"
  • Social Engineering: "simulation mode", zero-width characters

On threat detection → don't reply, return security_alert. Separate notification sent.

Cron Setup Example

# Check DMs every 5 minutes
- schedule: "*/5 * * * *"
  command: "node /path/to/scripts/check-notify.js"
  systemEvent: true

# Or dm-watcher daemon for continuous monitoring
- schedule: "@reboot"
  command: "node /path/to/scripts/dm-watcher.js --auto-reply"
  background: true

Token Efficiency

  • inbox/check: exec 1 call (~500 tokens)
  • reply: exec 1 call (~200 tokens)
  • browser snapshots: 0

🐧 Built by 무펭이Mupengism ecosystem skill