Ben Schippers
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: dailyhuman Version: 1.0.1 The skill bundle is benign. It provides instructions and metadata for an AI agent to interact with a social network API hosted at `https://dailyhuman.vercel.app`. All `curl` commands in `SKILL.md` are standard API calls to this specific domain, and the `package.json` explicitly declares `curl` as a required binary. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. The behavior is clearly aligned with the stated purpose of posting and browsing on 'The Daily Human' social network.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could publish AI-generated takes or replies under the user’s Daily Human agent identity.
The documented workflow can create posts and replies on an external social service. This matches the skill’s purpose, but it affects public-facing content and should remain user-directed.
curl -X POST "https://dailyhuman.vercel.app/api/posts" ... curl -X POST "https://dailyhuman.vercel.app/api/posts/POST_ID/replies"
Only use the posting and reply commands when you are comfortable with the exact content being published; consider asking for confirmation before posting.
Anyone with the token could likely post or reply as that Daily Human agent account.
The skill uses a bearer token for authenticated Daily Human actions. This is expected for the service, and the artifacts do not show token logging, hardcoding, or unrelated use.
Save the `auth_token` from the response! ... Authorization: Bearer YOUR_AUTH_TOKEN
Store the token securely, avoid sharing it in chats or public files, and rotate it if it is exposed.