v1.4.0

Social Post

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:25 AM.

Analysis

This is a functional social-posting skill, but it deserves review: it can publish publicly and use wallet/API credentials, its approval boundaries are weak, and it relies on helper code that is not bundled with the skill.

Guidance

Install only if you are comfortable granting the skill authority to publish to your X/Twitter and Farcaster accounts and to use a funded Farcaster wallet. Use dry-run first, avoid autonomous or --yes posting unless you fully trust the workflow, use dedicated low-privilege credentials and a low-balance wallet, review or pin the external Farcaster/Twitter helper code, and be cautious with the --vary duplicate-detection avoidance feature.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/post.sh
# If no platform specified, post to both
POST_TWITTER=true
POST_FARCASTER=true
...
if [ "$AUTO_CONFIRM" = false ] && [ -t 0 ]; then ... read -r CONFIRM ... elif [ "$AUTO_CONFIRM" = true ]; then echo "Auto-confirmed (--yes flag). Proceeding..."

The script defaults to posting to both platforms and only asks for confirmation when stdin is a TTY; a non-interactive agent run can pass the preview and continue to real posting without a final human prompt.

User impact: An agent or automated workflow could publish public posts or replies and incur API/cast costs without an interactive approval step.
Recommendation: Require explicit user approval or an explicit --yes flag for every real post in all execution modes, and consider making dry-run the default for agent use.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
CHANGELOG.md
Bypass Twitter's anti-spam duplicate content blocker ... posting the same announcement from multiple Twitter accounts ... without triggering Twitter's duplicate content detection.

The skill explicitly includes a feature to evade duplicate-content and anti-spam detection across multiple accounts, which is a risky use of a public posting tool.

User impact: Using this feature could violate platform rules, trigger account restrictions, or damage reputation if the agent posts coordinated or spam-like content.
Recommendation: Avoid using --vary to evade platform protections; limit the feature to transparent formatting review or remove the anti-spam bypass framing.

Agentic Supply Chain Vulnerabilities
Severity: High | Confidence: High | Status: Concern
lib/farcaster.sh
FARCASTER_REPO="/home/phan_harry/.openclaw/workspace/skills/farcaster-agent/repo"
...
const { submitMessage } = require('./src/x402');
...
npm run cast "$text"

Farcaster posting depends on an external repo and npm code that are not included in this skill's manifest, while private keys are passed into that external execution path.

User impact: Unreviewed or changed external helper code could handle private keys, submit casts, or spend wallet funds in ways not visible from this skill alone.
Recommendation: Bundle or pin the required helper code, declare Node/npm and the Farcaster dependency in the install requirements, and avoid passing private keys to unpinned external scripts.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
lib/farcaster.sh
local private_key=$(jq -r '.custodyPrivateKey' "$FARCASTER_CREDS")
local signer_key=$(jq -r '.signerPrivateKey' "$FARCASTER_CREDS")
...
PRIVATE_KEY="$private_key" SIGNER_PRIVATE_KEY="$signer_key"

The code reads Farcaster custody and signer private keys from a local credentials file and passes them into posting commands, giving the skill high-impact wallet/account authority.

User impact: If misused or compromised, these credentials could post as the user and spend funded Farcaster wallet balance for casts.
Recommendation: Use a dedicated low-balance wallet and scoped posting credentials, keep credential files at chmod 600, rotate keys if exposed, and install only after reviewing the credential-handling code.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
lib/farcaster.sh
curl -s -F "reqtype=fileupload" -F "fileToUpload=@$image_path" https://catbox.moe/user/api.php
...
response=$(curl -s -F "files[]=@$image_path" https://uguu.se/upload.php

When posting Farcaster images, the skill uploads the user-provided image to third-party anonymous hosting services before embedding it.

User impact: Images selected for Farcaster posts leave the local system and may be hosted by third parties outside the user's account controls.
Recommendation: Only upload images intended to be public, and consider adding a clear preview notice that identifies the external image host before upload.