ClawHub

SocialRails

v1.0.0

Manage social media by scheduling posts, viewing analytics, generating AI captions, and listing connected accounts via the SocialRails API.

0· 268·3 current·3 all-time
byMatt@buildsbymatt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (manage social media via SocialRails) matches the code and skill.json: all commands call the SocialRails API and require an API key. The supported platforms and operations are coherent with the claimed functionality.
Instruction Scope
SKILL.md instructs storing an apiKey in ~/.openclaw/openclaw.json and using openclaw config commands. The runtime code only reads that config file and calls the SocialRails API; it does not read other system files, environment secrets, or send data to unrelated endpoints.
Install Mechanism
There is no install spec (instruction-only plus a small code bundle). No downloads or archive extraction are used. The package is a small Node module with no dependencies.
Credentials
The skill requires an API key (declared in skill.json and used by the code) stored in the OpenClaw config file, not environment variables. Registry metadata showed no required env vars which is a minor metadata mismatch but not harmful; the API key is the only secret used and is proportional to the functionality.
Persistence & Privilege
The skill is not marked always:true and does not modify other skills or system-wide settings. It only reads its own config file under ~/.openclaw and performs network requests to the configured baseUrl.
Assessment
This skill appears to do what it says: it will read your SocialRails API key from ~/.openclaw/openclaw.json and call https://socialrails.com/api/v1 (or a configured baseUrl). Before installing: 1) Verify you trust the SocialRails service and the skill source (the registry metadata shows an unknown source). 2) Create an API key limited to the minimal scopes you need (read / write / ai) rather than a full-access key. 3) Do not reuse credentials you use elsewhere. 4) Inspect the code (index.js) yourself if possible — it only reads the OpenClaw config and calls the API — and confirm the domain in the config matches the official SocialRails endpoint. 5) Note the small metadata mismatch: required secrets are stored in OpenClaw config (skill.json) rather than as environment variables listed in the registry; this is expected but worth confirming during setup.

Like a lobster shell, security has layers — review code before you run it.

latestvk9753yjfdnrsd6y5e6px37bqpd826zsy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments