Social Post Batcher
Security checks across malware telemetry and agentic risk
Overview
This appears to be a benign social-post drafting skill, with the main thing to notice being its optional local Python helper that can read an input file and write an output file.
This skill is suitable for drafting and organizing social-media post series. Before installing, note that it can optionally run a local Python helper and write an output file, so use clear input/output paths and review the generated content before publishing. The artifacts do not show credential use, network access, or automatic posting.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent may run the included Python script to process a user-selected input and create a user-selected output file.
The skill explicitly allows running a bundled local Python helper. This is disclosed and purpose-aligned, but users should notice that it executes local code and may write an output file.
如运行环境允许 shell / exec,可使用:`python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>`Run it only from a trusted workspace, use intended input/output paths, and review generated drafts before using them elsewhere.
Users have limited external provenance information if they want to decide whether to trust the bundled local script.
The artifact provenance is limited and the homepage is not a verifiable project site. There is no remote install behavior shown, so this is a provenance note rather than a behavioral concern.
Source: unknown; Homepage: https://example.invalid/skills/social-post-batcher
Review the included files before running the helper script, and prefer installing from a trusted publisher or repository when available.