ClawHub

Glasses to Social

v1.0.0

Turn smart glasses photos into social media posts. Monitors a Google Drive folder for new images from Meta Ray-Ban glasses (or any smart glasses), analyzes them with vision AI, drafts tweets/posts in the user's voice, and publishes on approval. Use when setting up a glasses-to-social pipeline, processing smart glasses photos for social media, or creating hands-free content workflows.

1· 1.9k·2 current·2 all-time
by@junebugg1214
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the actual artifacts: scripts and SKILL.md implement a pipeline that downloads photos from a Google Drive folder, marks processed files, asks a vision model to analyze images, and drafts posts for social media. The required tools mentioned (gdown, a vision model, Twitter/X credentials) are appropriate for the declared goal.
!
Instruction Scope
SKILL.md instructs the user to share the Drive folder with 'Anyone with link can view' (privacy exposure) and uses gdown to pull files without describing authenticated access or access controls. The instructions for 'analyze with vision' and 'publish' are vague and leave the agent broad discretion (e.g., which model/service to call, where drafts are stored/transmitted). The included scripts only perform downloads, file enumeration, and update a processed list (no hidden data exfiltration), but the recommendation to make the folder public materially broadens exposure risk.
Install Mechanism
No install spec is provided (instruction-only), which minimizes install risk. The scripts rely on standard CLI tools (gdown, jq, find, cp) but the package installation steps are not included. There are no downloads from arbitrary URLs or extract actions.
Credentials
The skill requests no environment variables and doesn't demand credentials in its files. It does note that Twitter/X credentials are required for posting and that a vision-capable model/service is needed; both are proportional. However, SKILL.md's approach (making Drive folder public rather than using authenticated Drive API access) is a questionable design choice that trades credential management for public exposure.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system privileges. The scripts operate only within the configured download and data directories and modify their own processed.json file; they do not change other skills or system-wide configurations.
What to consider before installing
This skill is generally coherent with its stated purpose, but pause before installing and consider privacy and access controls: - The SKILL.md tells you to set the Google Drive folder to 'Anyone with link can view'. That makes your photos publicly accessible to anyone who gets the link. Prefer a private folder and use authenticated Drive access (OAuth or a service account) instead of a public share. - The scripts require gdown and jq but the skill doesn't provide installation steps — ensure you install these from trusted package sources and run the scripts in a controlled directory. - The instructions for image analysis and posting are vague: decide which vision service/model will run and where drafts are stored/transmitted. If you use a third-party vision API, review its privacy policy and avoid sending sensitive photos. - Posting automation requires social media credentials. Use a dedicated account or app token with limited scope and rotate/revoke keys if needed. Ensure the agent asks for explicit approval before posting (autoPost=false by default is safer). - Consider removing/examining EXIF/metadata from photos before uploads and obtain consent from people who appear in images. - If you want tighter security, modify the pipeline to use Google Drive API with OAuth/service account rather than gdown + public shares, and add explicit logging and review steps. Confidence in this assessment is medium. If you want a higher-confidence verdict, provide answers or changes to: how Google Drive access will be authenticated (public link vs OAuth/service-account), which vision service will be used, and the exact posting mechanism for social platforms.

Like a lobster shell, security has layers — review code before you run it.

latestvk979e2e3qck4et16bzv367ws5h809gb8smart-glassesvk979e2e3qck4et16bzv367ws5h809gb8social-mediavk979e2e3qck4et16bzv367ws5h809gb8visionvk979e2e3qck4et16bzv367ws5h809gb8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments