Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SocialPost Auto

v1.0.0

Social media automation assistant. Automatically generates and publishes Xiaohongshu, Weibo and Twitter content, with scheduled posting and interactive replies.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign (View report →)
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
SKILL.md and README say the skill needs a license key and platform credentials (Twitter API keys, Weibo token, Xiaohongshu cookie) and will post/schedule/auto-reply. The declared registry requirements list no env vars or credentials. The included Python script contains stubbed post_* functions that only print instead of using credentials or calling APIs. This mismatch (promised network posting vs. no real API calls and no declared credential requirements) is incoherent.
Instruction Scope (flagged)
Runtime instructions tell the agent/user to add a license_key and platform credentials to ~/.openclaw/openclaw.json and optionally enable cron jobs and auto-reply behavior. The actual script does not read that config or use those credentials, so the instructions ask for sensitive data that the shipped code does not appear to need — a red flag. Instructions also direct installing cron jobs to run the script periodically (writing/reading tasks.json under the user's workspace).
Install Mechanism
There is no install spec (instruction-only), which is lower risk. However, a package.json (Node) exists while the runtime is a Python script that imports the 'requests' library; no Python dependency declaration is provided. That mismatch could lead users to run the code without the expected environment or to install dependencies manually. It is sloppy and worth attention, but not directly malicious.
Credentials (flagged)
SKILL.md asks users to store a license_key and multiple platform credentials in ~/.openclaw/openclaw.json, which is reasonable for a posting skill — but the registry metadata claims no required env/config. Requiring a license key and platform secrets without declaring them in the registry is inconsistent and could lead to users placing sensitive tokens where other skills or processes can access them. Also the script does not actually read those credentials, so it's unclear why they would be requested.
Persistence & Privilege
The skill does not request always:true or system-wide privileges. It writes its own tasks.json under ~/.openclaw/workspace/skills/socialpost-auto/data and suggests cron scheduling — normal for a scheduler. It does not modify other skills or system-wide configs.
What to consider before installing
Do not supply platform credentials or a 'license_key' until the developer clarifies how the code uses them. Specific concerns to address before installing:
1. Ask the author why the registry lists no required credentials but SKILL.md instructs you to add them.
2. Verify whether post.py actually performs authenticated HTTP calls to platform APIs (the current functions only print).
3. Confirm which dependencies are required (post.py imports requests) and whether the package.json Node file is accidental.
4. If you must test, run the code in an isolated environment (container or VM) without real credentials and inspect network activity.
5. Prefer adding only minimal-scoped tokens or per-account API keys, and revoke them after testing.
Because of the mismatches between documentation, manifest, and code, treat this skill as untrusted until the developer provides a clear, consistent explanation and a version that actually implements secure credential handling.


Tags: automation, latest, social-media, twitter, weibo, xiaohongshu
