v1.0.0

Substack

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:56 AM.

Analysis

Review before installing: this skill is coherent, but it can use a long-lived Substack session cookie and unreviewed local helper code to publish or edit live posts.

Guidance: Use this only if you control the Alternative Partners Substack and are comfortable granting the agent live publishing authority. Before use, review the referenced local publisher code, store the session cookie securely, prefer draft-first workflows, require explicit confirmation before publishing or editing, and rotate the cookie when access is no longer needed.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Publish draft | `POST` | `/api/v1/drafts/{id}/publish` ... Update existing post | `PUT` | `/api/v1/drafts/{id}` ... `PUT /api/v1/drafts/{id}` works on already-published posts too — it edits them in place.

These raw REST operations can publish new posts and modify already-live public content; the artifact only requires explicit confirmation for changing `send_email` to true, not for web publication or edits.

User impact: A mistaken or overly autonomous invocation could publish content to the web or alter an existing public post for the publication.
Recommendation: Require an explicit user confirmation with title, post ID or slug, body preview, and publish/update action before any live Substack mutation; consider saving drafts by default.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
metadata
Source: unknown ... No code files present — this is an instruction-only skill.

SKILL.md directs use of `publishers/substack.py` for authentication and posting, but that credential-handling helper is not included in the reviewed artifacts; with a session cookie and publishing authority, this provenance gap is material.

User impact: The actual local code that would receive the Substack session cookie and make account changes is outside the reviewed skill package.
Recommendation: Review, pin, and include the helper code and install specification before using the skill with real credentials or live publication access.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
This skill requires a `connect.sid` session cookie from Substack. Store it securely and provide it as the `SUBSTACK_SID` environment variable ... Valid for months unless you sign out of Substack in Chrome.

The artifact asks for a long-lived browser session cookie that can authenticate as the Substack account; this high-impact credential is also under-declared by the registry metadata, which lists no primary credential or required env vars.

User impact: If the session cookie is exposed or misused, the agent or anyone with that secret may be able to act as the logged-in Substack account for the publication.
Recommendation: Use a dedicated least-privileged account or scoped credential if possible, declare the credential requirement, store it only in a secrets manager, and rotate or revoke the cookie after use.