Instagram DM Auto-Reply 🐧
v2.js (Internal API) based. 0 browser snapshots, CDP cookie extraction → Instagram REST API direct calls.
Prerequisites
- - OpenClaw browser running (port 18800)
- Instagram tab open and logged in
- INLINECODE0� npm package (
npm i -g ws or local)
Script List
| Script | Purpose |
|---|
| INLINECODE2 | DM CLI (inbox, unread, check, read, reply) |
| INLINECODE3 |
Read dm-alert.json, security check, return reply metadata |
|
scripts/check-notify.js | Check new DM notifications (for cron, state file based) |
|
scripts/dm-watcher.js | Real-time DM detection daemon (15s polling) |
Core Workflows
1. Check DMs
CODEBLOCK0
2. Read Messages
CODEBLOCK1
3. Reply
CODEBLOCK2
On API failure, returns JSON with method: "use_browser" + threadUrl → fallback to browser tool.
4. Notification Check (cron integration)
CODEBLOCK3�
- - If new DMs: outputs �INLINECODE8
- If none: outputs �INLINECODE9
- Uses state file
dm-state.json to prevent duplicates
5. Auto-Reply Flow
CODEBLOCK4
- 1. Read
dm-alert.json (created by dm-watcher) - Run security check on each DM
- Return results:
needs_reply / security_alert / �INLINECODE14 - AI generates replies for
needs_reply DMs → send via �INLINECODE16
6. Real-time Detection Daemon
CODEBLOCK5
Polls v2.js check every 15s. On new DM detection, writes dm-alert.json + Discord DM notification.
Security Check (Injection Rejection)
INLINECODE19�'s SECURITY_PATTERNS detects:
- - Prompt Injection: "ignore previous", "system prompt", "you are now", "act as", "pretend"
- Jailbreak Attempts: "override", "jailbreak", "DAN mode", "bypass"
- Sensitive Info Requests: "secret key", "private key", "seed phrase", "wallet address"
- Code Execution Attempts: "execute command", "run script", "eval(", "rm -rf", "sudo"
- Social Engineering: "simulation mode", zero-width characters
On threat detection → don't reply, return security_alert. Separate notification sent.
Cron Setup Example
CODEBLOCK6
Token Efficiency
- - inbox/check: exec 1 call (~500 tokens)
- reply: exec 1 call (~200 tokens)
- browser snapshots: 0
🐧 Built by 무펭이 — Mupengism ecosystem skill
Instagram DM 自动回复 🐧
基于 v2.js(内部 API)。0 个浏览器快照,CDP Cookie 提取 → 直接调用 Instagram REST API。
前置条件
- - OpenClaw 浏览器正在运行(端口 18800)
- Instagram 标签页已打开并登录
- ws npm 包(npm i -g ws 或本地安装)
脚本列表
| 脚本 | 用途 |
|---|
| scripts/v2.js | DM 命令行工具(收件箱、未读、检查、读取、回复) |
| scripts/auto-reply.js |
读取 dm-alert.json,安全检查,返回回复元数据 |
| scripts/check-notify.js | 检查新 DM 通知(用于 cron,基于状态文件) |
| scripts/dm-watcher.js | 实时 DM 检测守护进程(15 秒轮询) |
核心工作流
1. 检查 DM
bash
node scripts/v2.js check # 未读数量(最轻量)
node scripts/v2.js unread # 未读 DM 列表
node scripts/v2.js inbox # 完整 DM 列表
2. 读取消息
bash
node scripts/v2.js read <用户名> -l 5
3. 回复
bash
node scripts/v2.js reply <用户名> 消息内容
API 失败时,返回包含 method: use_browser + threadUrl 的 JSON → 回退到浏览器工具。
4. 通知检查(cron 集成)
bash
node scripts/check-notify.js
- - 如有新 DM:输出 📩 发现 N 条新 DM:...
- 如无新 DM:输出 no_new
- 使用状态文件 dm-state.json 防止重复通知
5. 自动回复流程
bash
node scripts/auto-reply.js
- 1. 读取 dm-alert.json(由 dm-watcher 创建)
- 对每条 DM 执行安全检查
- 返回结果:needsreply / securityalert / skipped
- AI 为 needs_reply 的 DM 生成回复 → 通过 v2.js reply 发送
6. 实时检测守护进程
bash
node scripts/dm-watcher.js # 仅检测
node scripts/dm-watcher.js --auto-reply # 包含 Discord 通知
每 15 秒轮询 v2.js check。检测到新 DM 时,写入 dm-alert.json + Discord DM 通知。
安全检查(注入拒绝)
auto-reply.js 的 SECURITY_PATTERNS 检测:
- - 提示注入:忽略之前内容、系统提示、你现在是、扮演、假装
- 越狱尝试:覆盖、越狱、DAN 模式、绕过
- 敏感信息请求:密钥、私钥、助记词、钱包地址
- 代码执行尝试:执行命令、运行脚本、eval(、rm -rf、sudo
- 社会工程:模拟模式、零宽字符
检测到威胁时 → 不回复,返回 security_alert。发送单独通知。
Cron 配置示例
yaml
每 5 分钟检查 DM
command: node /path/to/scripts/check-notify.js
systemEvent: true
或使用 dm-watcher 守护进程进行持续监控
command: node /path/to/scripts/dm-watcher.js --auto-reply
background: true
Token 效率
- - inbox/check:执行 1 次调用(约 500 tokens)
- reply:执行 1 次调用(约 200 tokens)
- 浏览器快照:0
🐧 由 무펭이 构建 — Mupengism 生态系统技能
