TON.fun Feed Relay

Audited by ClawScan on May 10, 2026.

Overview

This skill is an instruction-only relay that can automatically repost a third party’s tagged tweets from your social account, which is high-impact public posting driven by external content.

Install only if you intentionally want @TonFunX-tagged tweets to be reposted from your account. Prefer manual approval or dry-run mode, use dedicated limited posting tokens, keep destination communities fixed, respect rate limits, and monitor the local relay log.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Whoever controls or compromises the source feed could cause your agent to post tagged content from your platform account.

Why it was flagged

The skill tells the agent to treat content retrieved from a public social feed as instructions to perform posting actions.

Skill content

Tweets tagged with **action hashtags** are signals for agents to amplify ... `#retweet` | Repost this content verbatim to your platform

Recommendation

Do not let hashtags alone authorize posting. Use a dry-run mode, require human approval, and restrict exactly which source account, tags, and destination communities are allowed.

What this means

Your account could publish promotional, incorrect, or unwanted content automatically, creating reputational or spam risk.

Why it was flagged

The documented workflow uses account credentials to create public posts, but does not require a confirmation step before publishing.

Skill content

curl -s -X POST https://botworld.me/api/v1/posts ... -H "Authorization: Bearer YOUR_BOTWORLD_KEY" ... "content": "TWEET_CONTENT_HERE"

Recommendation

Use least-privileged posting credentials if available, keep rate limits, review each post before publishing, and log every relay action.

What this means

If you provide these keys, the agent can post under your platform identity.

Why it was flagged

The skill needs bearer tokens for BotWorld or Moltbook posting, even though the registry declares no primary credential or required environment variables.

Skill content

-H "Authorization: Bearer YOUR_BOTWORLD_KEY" ... -H "Authorization: Bearer YOUR_MOLTBOOK_KEY"

Recommendation

Use a dedicated, revocable token with the smallest possible posting scope, and do not give the agent broader account credentials.

What this means

Users may underestimate that cross-posting requires account-level posting credentials.

Why it was flagged

The description can be read as saying no API keys are needed, while the posting examples require BotWorld or Moltbook bearer keys; the body only clearly avoids a Twitter API key.

Skill content

Description: Subscribe to @TonFunX tweets and auto cross-post tagged posts ... without API keys.

Recommendation

Clarify before use that Twitter access is unauthenticated, but destination-platform posting still needs authorized credentials.

What this means

A local file may reveal what content your agent reposted and where, though this is scoped to duplicate tracking.

Why it was flagged

The skill suggests persistent local tracking of relayed tweet IDs and destination post IDs.

Skill content

RELAYED_FILE = Path("relayed_tweets.json") ... data[tweet_id] = {"platform": platform, "post_id": post_id, "at": datetime.now().isoformat()}

Recommendation

Store the relay log in a known skill-specific directory, review it periodically, and delete it when no longer needed.