ClawHub

Buffer Social Media

v1.0.0

Create, schedule, queue, and manage social media posts and drafts across Buffer-connected profiles using terminal commands.

0· 341·1 current·1 all-time
byAhmad Abugosh@ahmadabugosh

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ahmadabugosh/buffer-social.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Buffer Social Media" (ahmadabugosh/buffer-social) from ClawHub.
Skill page: https://clawhub.ai/ahmadabugosh/buffer-social
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install ahmadabugosh/buffer-social

ClawHub CLI

Package manager switcher

npx clawhub@latest install buffer-social
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name, description, SKILL.md and source files consistently implement a Buffer CLI that talks to Buffer's GraphQL API. However the registry metadata claims 'Required env vars: none' and 'No install spec — instruction-only' while the SKILL.md and code clearly require BUFFER_API_KEY/.env and expect 'npm install'. That metadata omission is incoherent with the actual capability.
Instruction Scope
SKILL.md and the code instruct the agent to read a local .env, validate BUFFER_API_KEY, call Buffer's API, and optionally read local image files (validated via existsSync). The instructions do not request unrelated files, other credentials, or unexpected external endpoints beyond Buffer and referenced developer docs.
Install Mechanism
There is no registry install spec but the package includes full Node.js source, package.json, and package-lock.json and SKILL.md tells users to run npm install. This is not inherently malicious, but the mismatch (no declared install but code present) is a sign to verify origin before running npm install from an untrusted skill.
!
Credentials
The runtime requires BUFFER_API_KEY (and optionally BUFFER_API_URL) per SKILL.md and lib/config.js, but the registry metadata lists no required env vars or primary credential. Requesting a single Buffer API key is proportionate for a Buffer integration, but the metadata omission increases risk (users might not realize a secret will be used).
Persistence & Privilege
Skill is not always-enabled and does not request persistent system-wide privileges. It does not modify other skills or system configs; autonomy is allowed by default but does not combine with other privilege red flags here.
What to consider before installing
This skill appears to be a legitimate Buffer CLI implementation, but there are important inconsistencies you should address before installing: 1) Metadata vs reality: the registry metadata does NOT declare the BUFFER_API_KEY env var or an install step, yet SKILL.md and code require you to run 'npm install' and set BUFFER_API_KEY in .env. Treat that as a red flag — confirm the skill's source and intent with the publisher before running it. 2) Verify origin: the skill lists no homepage and the registry owner ID is unfamiliar. Prefer skills with a public repository or homepage you can review. If you still want to use it, inspect the repository contents (package.json, package-lock.json) locally before running npm install. 3) Run safely: if you must try it, do so in a restricted environment (ephemeral VM or container) and do not use high-privilege or broadly-scoped secrets. Create a Buffer API key with the least privilege possible (or a throwaway account) and keep it separate from other production keys. 4) Audit dependencies and network: run 'npm audit' and review package-lock integrity. Review buffer-api.js to confirm all outgoing requests are to Buffer domains and that no other unexpected endpoints exist. 5) Rotate keys if needed: if you exposed an API key while testing with an unknown skill, rotate/revoke it immediately. If the publisher can update the registry metadata to declare BUFFER_API_KEY and note the required npm install step (or provide a trusted homepage/repo), that would significantly reduce the concern.

Like a lobster shell, security has layers — review code before you run it.

latestvk977x5nxbyqwdadgyrxxkb0nr1827s3b
341downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Ahmad Abugosh@ahmadabugosh
latest
Download

Buffer Skill for OpenClaw

Use this skill to create and manage Buffer content from OpenClaw or terminal commands.

Quick Start

  1. Install dependencies: 
    cd skills/buffer
npm install
  2. Configure API key: 
    cp .env.example .env
# set BUFFER_API_KEY
  3. Run a command: 
    node ./buffer.js profiles

Authentication Setup

Set in .env:

BUFFER_API_KEY=your_buffer_api_key
BUFFER_API_URL=https://api.buffer.com/graphql

Get key: https://publish.buffer.com/settings/api

Command Reference

buffer profiles

List all connected profiles.

buffer post <text>

Create content.

Options:

  • --profile <id>: single target profile
  • --profiles <ids>: comma-separated profile IDs
  • --all: all connected profiles
  • --time <datetime>: ISO 8601 scheduled time
  • --queue: add to queue
  • --image <path>: attach local image path (validated; upload flow limited by current API docs)
  • --draft: save as idea/draft instead of post

buffer queue

View scheduled/queued posts.

Options:

  • --profile <id>: filter by profile
  • --limit <n>: max results

buffer ideas

List saved ideas.

Options:

  • --limit <n>: max results

Common Use Cases

# Post to one profile
node ./buffer.js post "Just shipped 🚀" --profile <id>

# Schedule for tomorrow
node ./buffer.js post "Tomorrow update" --profile <id> --time "2026-03-03T14:00:00Z"

# Multi-channel post
node ./buffer.js post "New blog live" --profiles id1,id2

# Save draft
node ./buffer.js post "Draft concept" --profile <id> --draft

Troubleshooting

  • Auth errors (401/403): check BUFFER_API_KEY, regenerate key if needed.
  • Rate limits (429): wait ~60s and retry.
  • Invalid date: use ISO format like 2026-03-03T14:00:00Z.
  • Image path error: verify file exists and path is correct.

OpenClaw Integration Examples

  • “Post to Buffer: Just shipped a new feature! 🚀 to profile <id>
  • “Queue this in Buffer for all profiles: Weekly recap is live
  • “Save this as Buffer draft for profile <id>: Campaign angle #3

Comments

Loading comments...