Skill v1.0.1
ClawScan security
ADHD X Bookmark Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 27, 2026, 3:26 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (scraping and summarizing X bookmarks) is plausible, but the SKILL.md asks the agent to use tools, access credentials, and write files that aren't declared in the registry metadata — review before installing.
- Guidance: Before installing or enabling this skill:
  1) Verify you want a tool to read and archive your X bookmarks and to optionally post summaries to external channels.
  2) Vet the recommended bird-cli npm package (publisher, source repo, and permissions) before installing; consider running bird CLI commands manually to confirm behavior.
  3) Prefer bird CLI OAuth over pasting cookies; avoid giving the agent direct access to browser sessions if you can.
  4) If you must configure delivery, store webhook URLs in a secrets manager or environment variables and limit their scope; test with file-only delivery first.
  5) Confirm you are comfortable with the skill writing archives to ~/.openclaw/workspace/... and review those files periodically.
  6) If you want higher assurance, ask the author for a link to the bird-cli project and a minimal example run, or request that the skill include an explicit list of required binaries/env vars in its registry metadata.
  If the skill later includes code that sends data to unknown endpoints or requests additional credentials, treat it as higher risk.
- Findings
- [no_regex_findings] expected: The repository is instruction-only (SKILL.md and rules), so the regex scanner found nothing; absence of matches is expected but provides limited assurance.
Review Dimensions
- Purpose & Capability
- note: The name and description match the runtime instructions: fetch X bookmarks, categorize, summarize, and deliver to a channel or archive locally. However, the registry metadata declares no required binaries or env vars while the SKILL.md expects the 'bird' CLI or browser session access and local archive writes. That mismatch (documented runtime dependencies not reflected in metadata) is unexpected and should be reconciled.
- Instruction Scope
- concern: Instructions explicitly tell the agent to run `bird bookmarks`, read bookmark data, write a local archive under ~/.openclaw/workspace/skills/..., and optionally deliver summaries to external webhooks or OpenClaw messaging. The SKILL.md also suggests using OpenClaw's browser tool to access your logged-in session (browser cookies). Reading browser sessions/cookies and using external webhooks are legitimate for this task but increase exposure; the SKILL.md does not clearly limit what session data is accessed or how it's protected.
- Install Mechanism
- note: This is an instruction-only skill (no install spec), which is low risk. However, the docs recommend installing `bird-cli` via npm (`npm install -g bird-cli`). Because the skill relies on a third-party npm CLI, users should vet that package (its publisher, permissions, and behavior) before installing. The skill itself does not automate this install.
- Credentials
- concern: Registry metadata lists no required env vars, but the SKILL.md expects users to optionally set webhook URLs (BOOKMARK_DISCORD_WEBHOOK, BOOKMARK_SLACK_WEBHOOK). Those are sensitive secrets and the skill will read them from the environment at runtime. The documentation claims credentials for X are stored by bird CLI in ~/.bird/ and that the skill 'never handles raw tokens directly' — reasonable if you trust bird-cli — but the SKILL.md also offers a browser-cookie option which could expose more data. The skill will also write archives to the user's workspace; that filesystem access is not declared in metadata.
- Persistence & Privilege
- note: `always` is false (normal). The skill recommends adding a scheduled cron job for regular runs, which is user-controlled. Scheduled/autonomous runs combined with external delivery channels (webhooks) increase the impact of any misconfiguration, but the skill does not request permanent platform-wide privileges or modify other skills.
