Social Post
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its social-posting purpose, but it can publish or spend from user accounts without a guaranteed prompt and relies on unreviewed local helper code with credentials.
Review before installing. Only use this skill if you are comfortable granting write access to social accounts and Farcaster wallet keys, and inspect or replace the external helper paths before real posting. Run dry-runs first, require explicit approval for every post, avoid the anti-spam variation feature for duplicate campaigns, keep Farcaster wallet balances low, and do not shorten sensitive URLs.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: No guaranteed confirmation before posting
Impact: An agent-run command could publish public posts or paid Farcaster casts without a human confirmation prompt at execution time.
Detail: The only confirmation prompt runs when stdin is a TTY; in typical non-interactive agent or scheduled execution the script continues to the posting section without asking, and the default target is both platforms.
Evidence:
    # If no platform specified, post to both ... POST_TWITTER=true ... POST_FARCASTER=true ... # Confirmation prompt (skip if running non-interactively or with --yes flag) ... if [ "$AUTO_CONFIRM" = false ] && [ -t 0 ]; then
Recommendation: Require explicit user approval for every real post, including non-interactive runs; make dry-run the default for agent use, and require a clearly user-approved --yes only in controlled automation.
Finding 2: Anti-spam bypass framing
Impact: Using this feature could trigger platform enforcement, account restrictions, or reputational harm if it is used to mass-post similar content across accounts.
Detail: The skill intentionally advertises text variation as a way to bypass platform duplicate-content and anti-spam controls, not just as a formatting aid.
Evidence:
    - Bypass Twitter's anti-spam duplicate content blocker
    - Natural, human-like text variations
Recommendation: Do not use the --vary feature to evade platform rules; remove anti-spam bypass framing and require users to post genuinely distinct, policy-compliant content.
Finding 3: Twitter posting delegated to an unreviewed external script
Impact: A user cannot fully review the code that will post with their X/Twitter account, and that external script would inherit sensitive posting credentials.
Detail: The normal text-only Twitter posting path invokes a script outside this skill's manifest after loading Twitter credentials, so the reviewed artifacts do not show what credentialed code will actually run.
Evidence:
    TWITTER_POST_SCRIPT="/home/phan_harry/.openclaw/workspace/scripts/twitter-post.sh" ... get_twitter_credentials ... "$TWITTER_POST_SCRIPT" "$text"
Recommendation: Include the Twitter posting implementation inside the skill package or pin and declare the helper dependency; avoid absolute user-specific paths.
Finding 4: Farcaster private keys passed to unreviewed local code
Impact: Paid casting and Farcaster private-key use depend on unreviewed local code, which increases the risk of unintended spending, posting, or key exposure.
Detail: Farcaster posting runs code from a separate local repo that is not included in the manifest while passing custody and signer private keys to it.
Evidence:
    FARCASTER_REPO="/home/phan_harry/.openclaw/workspace/skills/farcaster-agent/repo" ... PRIVATE_KEY="$private_key" SIGNER_PRIVATE_KEY="$signer_key" FID="$fid" ... npm run cast "$text"
Recommendation: Declare and pin the Farcaster dependency, include the needed code in the reviewed package, and clearly bound how private keys are passed and used.
Finding 5: High-impact credentials stored in plain text
Impact: Anyone or anything that can access those credential files may be able to post as the user or spend the funded Farcaster wallet balance.
Detail: The skill openly requires high-impact credentials, including Farcaster private keys and X/Twitter write tokens; this is expected for posting but gives the skill account and wallet authority.
Evidence:
    "custodyPrivateKey": "0x...", "signerPrivateKey": "0x..." ... "Credentials are stored as plain text - secure your system"
Recommendation: Use least-privilege credentials, keep wallet funding minimal, set restrictive file permissions, and install only if you trust the code path that will use these keys.
Finding 6: Link shortening sends URLs to TinyURL over plain HTTP
Impact: Sensitive links embedded in posts could be disclosed before posting if --shorten-links is used.
Detail: When link shortening is requested, original URLs are sent to TinyURL over HTTP, which can expose private URLs or tracking parameters to the shortener and network observers.
Evidence:
    local short_url=$(curl -s "http://tinyurl.com/api-create.php?url=$(echo "$url" | jq -sRr @uri)")
Recommendation: Avoid shortening private or tokenized URLs, and prefer an HTTPS shortener with clear privacy expectations.
