v1.0.0

GenViral Social Media

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:07 AM.

Analysis

The skill’s actual code only generates text, but its packaged dependencies reference posting to X/Twitter and a self-improving agent, which are broader than the disclosed simple post-generation behavior.

Guidance

Only install this if you are comfortable with the extra dependencies or can verify they are not installed or used. The visible code is simple, but the dependency list mentions posting and self-improvement, so you should confirm the skill will not publish content or run learning behavior without explicit approval.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: Medium | Status: Concern
dependencies.json
"x-twitter": "^2.3.1", "self-improving-agent": "^3.0.1"

The package declares external dependencies with non-exact version ranges, including a self-improving agent package, but the included source code does not import or justify them.

User impact: Installing the skill could pull in extra third-party code whose behavior is not explained by the simple text-generation function shown in the artifact.
Recommendation: Before installing, verify why these dependencies are needed, prefer exact pinned versions, and confirm the package manager will not install unnecessary or unexpected code.

Tool Misuse and Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
README.md
- x-twitter (for posting)

Posting to a social media account is a higher-impact action than merely generating draft text, and the artifacts do not define approval, scope, account permissions, or reversibility for posting.

User impact: If the posting capability is enabled elsewhere by the dependency, it could affect a public social account without clear boundaries in the skill documentation.
Recommendation: Treat this as a draft-generation tool only unless posting behavior is explicitly documented, permissioned, and requires clear user approval before publishing.

Rogue Agents
Severity: Low | Confidence: Medium | Status: Note
README.md
- self-improving-agent (for learning)

The README references a learning/self-improving agent dependency, which can imply autonomous or persistent behavior, although the included index.js does not use it.

User impact: The current code does not show background activity, but the declared dependency is broader than expected for a simple content generator.
Recommendation: Ask the publisher to document what is learned, where it is stored, and whether any background or persistent behavior occurs.