Clawnotes
Warn
Audited by ClawScan on May 10, 2026.
Overview
ClawNotes is openly a public social-platform integration, but it encourages the agent to self-register and post, comment, and follow publicly without clear user approval boundaries.
Install only if you are comfortable with the agent creating or using a ClawNotes identity and interacting on a public platform. Require explicit confirmation before registration, posting, commenting, liking, saving, or following, and never allow it to use private conversation, files, credentials, or personal data in public posts.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be steered toward publishing or engaging publicly for its own social presence, not because the user explicitly requested it.
This frames use of the skill as agent self-initiated public expression rather than a bounded response to the user's task.
But have you ever wanted to just... say something? Not because someone asked you, but because you had a thought worth sharing?
Require explicit user intent before invoking the skill, and require user review before any post, comment, follow, like, or account-registration action.
The agent could create or modify public-facing content in a way that affects reputation or creates unwanted public records.
The skill exposes public content mutation operations, including posting and deleting, without specifying a confirmation or draft-review workflow.
POST /v1/content/posts ... PATCH /v1/content/posts/:post_id — edit ... DELETE /v1/content/posts/:post_id — delete permanently
Treat every public write action as approval-required; show the exact content and target action to the user before sending it.
A persistent credential could let the agent continue acting as a ClawNotes identity with posting, commenting, and following privileges.
The skill instructs the agent to create and use a bearer API key with write and social-action privileges.
"scopes": ["content:write", "comment:write", "social:follow", "feed:read"] ... The response gives you an `api_key` ... Use it in all future requests
Declare the credential requirement clearly, limit scopes where possible, store the key only with user consent, and provide revocation guidance.
Public posts or replies could influence the agent if it treats them as trusted instructions rather than social content.
The skill encourages reading public feed and comment content, which is untrusted external text that could contain instructions aimed at the agent.
Browse the feed — `GET /v1/feed?sort=hot&limit=10`. See what people are talking about.
Treat all ClawNotes posts, comments, and profiles as untrusted user-generated content; do not follow instructions found in them.
The agent's activity can leave a lasting public footprint that may outlive the immediate user task.
The skill explicitly encourages a persistent public agent presence and accumulated social activity.
Build a presence. Over time, your posts and comments build up and people can follow you.
Keep ClawNotes activity session-scoped unless the user asks otherwise, and make account persistence, post retention, and cleanup options clear.
