Skill v1.0.1
ClawScan security
Multi Platform Publisher Jarvis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 29, 2026, 12:19 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated multi-platform publishing purpose is plausible, but the instructions are high-level and do not explain how it will access platform accounts or handle credentials, which is an important omission you should clarify before installing.
- Guidance: This skill is a high-level template for multi-platform social media management but omits how it will authenticate or which APIs it will call. Before installing: 1) Ask the publisher how authentication is performed and what permissions/tokens will be required. 2) Never provide full account credentials indiscriminately—prefer scoped API tokens or platform OAuth flows. 3) If the platform supplies connectors, confirm which connector will be used and review its permissions. 4) Test with a throwaway account or limited-scope credentials first. 5) Prefer skills from known authors or with a homepage/source you can audit; if the author is unknown and they require broad account access later, treat that as risky.
- Findings: [no-code-or-installs] expected: The regex scanner found no code files or installs — expected because this is an instruction-only skill. Absence of code reduces some risk but leaves behavior unspecified (agent-level connectors or ad-hoc actions).
Review Dimensions
- Purpose & Capability (note): The name and description (multi-platform publishing, analytics, interaction) align with the SKILL.md commands and listed platforms. However, a capability that actually performs publishing or data retrieval normally requires credentials/API access for each platform; the skill declares no required environment variables or config paths and provides no integration details. This omission is plausible if the agent platform supplies connectors, but it is an unexplained gap.
- Instruction Scope (concern): SKILL.md contains only high-level command templates (e.g., 发布内容 内容=文章.md 平台=微博...), with no concrete instructions on authentication, which APIs/endpoints to call, or how to handle user data. The instructions are open-ended and give the agent broad discretion (e.g., how to find accounts, how to authenticate, whether to use web automation). That vagueness increases risk because it could lead to the agent attempting to access credentials or external endpoints without explicit guidance.
- Install Mechanism (ok): No install spec and no code files — instruction-only — so nothing is written to disk and there is no embedded third-party code to review. This is the lowest-risk install mechanism.
- Credentials (note): The skill declares no required environment variables or primary credential. For a social-media publisher this is unusual because per-platform API keys/tokens are typically required. This could be fine if the platform provides built-in integrations, but you should confirm how authentication is expected to occur and avoid supplying broad or long-lived credentials until you understand the flow.
- Persistence & Privilege (ok): The skill does not request permanent presence (always: false) and does not claim to modify other skills or system-wide settings. Default autonomous invocation is allowed (platform default) but is not, by itself, a red flag here.
