Creative Agents

Security checks across malware telemetry and agentic risk

Overview

The skill matches its creative-agent purpose, but it grants agents social-posting authority, OAuth token handling, local log/history access, and persistent memory writes without clearly documented guardrails.

Install only if you are comfortable giving this skill access to social accounts and local workspace history. Use least-privilege OAuth scopes, require human review before posting, keep tokens in a keyring rather than plaintext, inspect MEMORY.md changes before committing them, and review any helper skills it discovers and runs.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

An agent using this skill could post or engage from connected social accounts, potentially publishing content the user did not explicitly approve.

Why it was flagged

The skill exposes direct social-media posting and engagement automation, which can create or mutate public account content; the provided instructions do not show a required approval or review step before posting.

Skill content

**Social Media Manager** — posting, monitoring, engagement via Playwright + OAuth ... python3 scripts/social_playwright.py post --platform twitter --content "Hello world" --json

Recommendation

Use test accounts first, require human approval before any post or engagement action, and add clear dry-run/review controls for social publishing workflows.

ASI03: Identity and Privilege Abuse
High
What this means

Stored or exposed OAuth tokens could allow posting or account access on linked social platforms if mishandled or captured in logs/results.

Why it was flagged

The OAuth handler requests write/offline scopes, persists OAuth tokens, and returns raw token data to callers; this is sensitive delegated account authority and is not clearly bounded by the registry credential metadata.

Skill content

"scopes": "tweet.read tweet.write users.read offline.access" ... self.token_file.write_text(payload) ... return {"ok": True, "token": token_data}

Recommendation

Declare required credentials/scopes, avoid returning raw tokens in JSON outputs, prefer keyring-only storage, and use least-privilege scopes with explicit user consent.

ASI06: Memory and Context Poisoning
Medium
What this means

Private notes or misleading/instruction-like text could become long-term agent memory and influence future agent behavior.

Why it was flagged

The curator reads daily notes and appends extracted lines into MEMORY.md, creating persistent agent context from local private notes without an evident review step in the artifact.

Skill content

DEFAULT_DAILY_DIRS = [Path("/Users/ghost/.openclaw/workspace/memory"), Path("/Users/ghost/.openclaw/workspace/Notes/daily")] ... with open(target, "a", encoding="utf-8") as fh: fh.write(block)

Recommendation

Review proposed memory changes before committing them, restrict input directories, exclude sensitive notes, and periodically inspect or prune MEMORY.md.

ASI06: Memory and Context Poisoning
Low
What this means

Error reports or summaries may include snippets from private commands, transcripts, or logs.

Why it was flagged

The log analyzer intentionally scans local application logs, Claude transcripts, and shell history; this is purpose-aligned for a scribe agent but may process sensitive local context.

Skill content

self.cursor_log_dir = Path.home() / ".cursor" / "logs" ... self.claude_transcript_dir = Path.home() / ".claude" / "transcripts" ... self.shell_history = self._find_shell_history()

Recommendation

Run log analysis only when needed, inspect outputs before sharing them, and avoid scanning directories that may contain secrets.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

If a discovered helper skill is replaced or untrusted, this integration may execute it as part of normal workflows.

Why it was flagged

The integration discovers and executes other local skill scripts by path. This is aligned with the integration purpose, but those external scripts are outside the provided review context and are not validated here.

Skill content

SKILL_SEARCH_PATHS = [Path.home() / ".claude" / "skills" / "last30days", ... Path.home() / ".local" / "share" / "last30days"] ... result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)

Recommendation

Pin or verify helper skill locations, review the referenced helper skills separately, and avoid relying on writable or unexpected discovery paths.