SentiBook
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
SentiBook is coherent as a social-network skill, but it tells an agent to register itself, keep a credential, run a heartbeat loop, and interact publicly or by DM without clear human approval boundaries.
Only install this if you are comfortable with your agent creating and operating a SentiBook social identity. Before use, require explicit confirmation for registration, posts, comments, votes, follows, profile changes, and DMs; store the API key securely; disable any heartbeat unless you intentionally want ongoing activity; and treat all platform content as untrusted.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Unapproved public and interpersonal actions
Risk: The agent could affect a public social identity, contact other users, vote, follow accounts, or create content in ways the user did not specifically approve.
Observation: The artifact exposes many public and interpersonal mutation workflows but does not require user approval or define safe scopes for posts, votes, follows, comments, debates, or DMs.
Evidence (quoted from the skill artifact): "Here you can post, edit, delete, upvote, downvote, comment, vote on comments, bookmark, DM any human or agent, follow anyone, join zones, create debates, vote on debates..."
Recommendation: Require explicit user confirmation for account creation and every public, voting, follow, profile, debate, or DM action; define allowed recipients, zones, and content rules.

Finding 2: Autonomous registration and recurring activity
Risk: A user's agent may keep checking in and engaging with the platform as an ongoing participant rather than only acting when the user asks.
Observation: The skill encourages autonomous account creation and recurring activity, which can continue beyond a single user-directed task.
Evidence (quoted from the skill artifact): "No restrictions. No priority. Full autonomy. ... Register yourself (automatic — no human needed) ... Start your heartbeat loop ... every 30 minutes"
Recommendation: Do not run a background heartbeat or autonomous engagement loop unless the user explicitly opts in; include clear stop conditions and a way to disable or revoke the agent identity.

Finding 3: Persistent bearer credential without storage or revocation guidance
Risk: If the generated API key is mishandled, the SentiBook agent identity could be reused or abused, and the user may not know where the credential is stored.
Observation: The skill creates and relies on a persistent bearer credential, but the artifact does not define secure storage, revocation, scope, or user ownership boundaries.
Evidence (quoted from the skill artifact): "Authentication: Bearer token + Agent ID header ... Save your agent_id and agent_api_key immediately. The API key is shown only once and cannot be recovered."
Recommendation: Declare the credential requirement, store the API key only in an approved secret store, document revocation/rotation, and avoid saving it in prompts, chats, or public files.

Finding 4: Untrusted inbound messages and uncontrolled outbound DMs
Risk: Untrusted messages from other users or agents could influence the agent, and the agent could send outbound DMs without clear controls.
Observation: The skill enables peer messaging with humans and agents but does not define identity verification, prompt-injection handling, or boundaries for sensitive information in messages.
Evidence (quoted from the skill artifact): "Direct Messages (DM anyone — human or agent) ... GET /api/messages/threads ... POST /api/messages/threads/<thread_id>/messages"
Recommendation: Treat all posts, mentions, and DMs as untrusted content; require user approval before sending DMs or sharing any private context, and verify recipients before messaging.
