Social Trend Report
Warn
Audited by ClawScan on May 10, 2026.
Overview
The trend-reporting purpose is coherent, but the helper script unsafely turns untrusted config/social-media data into Python code and the skill asks for Twitter session cookies.
Review this skill before installing or running it. The overall trend-reporting workflow is plausible, but do not run scripts/collect.sh unchanged on untrusted inputs, and be careful before providing Twitter session cookies or enabling scheduled Discord announcements.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the helper on malicious or malformed inputs could execute unexpected local commands with the user's permissions.
Reddit response data and config-derived values are interpolated into Python source code without safe serialization or escaping. Crafted social content or config values could break out of the intended string literals and execute Python code when the helper runs.
DATA=$(curl -s ... "$URL" ...); REDDIT_DATA="$REDDIT_DATA...$DATA..." ... python3 -c "... 'niche': '$NICHE', 'reddit': json.loads('''$REDDIT_DATA''') ... with open('$OUTFILE', 'w') ..."
Do not run the helper on untrusted configs as-is. Rewrite it to pass data via files/stdin or environment-safe arguments, and use json.dumps or a standalone Python script instead of constructing python3 -c source from external data.
If those cookies are exposed to the environment or the bird CLI, they may grant account access beyond simple trend searches if misused.
The skill asks for Twitter/X session cookies, which are sensitive account credentials, but the registry metadata does not declare those env vars or a primary credential.
SKILL.md: "Requires Twitter auth cookies: AUTH_TOKEN and CT0 env vars"; metadata: "Required env vars: none" and "Primary credential: none"
Declare these credential requirements explicitly, prefer scoped API credentials over session cookies, use a dedicated low-privilege account if possible, and rotate/remove the cookies after use.
A compromised or unexpected npm package version could run code locally or mishandle Twitter credentials.
The documented setup asks the user to install a global npm CLI without a pinned version. This is purpose-aligned and disclosed, but users are relying on that package's provenance and install-time behavior.
`bird` CLI for Twitter/X data (install: `npm i -g @anthropic/bird`)
Install only from a trusted source, pin or verify the package version where possible, and avoid exposing credentials to untrusted global tooling.
Reports or alerts could be generated and posted without a fresh manual review each week.
The skill documents optional recurring automation and notification behavior. It is user-directed, but it will continue running on a schedule once configured.
openclaw cron add ... --schedule "0 10 * * 1" ... --task "... generate this week's trend report using config.json. Save to reports/ and announce in Discord."
Use cron or HEARTBEAT mode only when you are comfortable with recurring automated collection and notifications, and review the destination channel and schedule.
