ClawHub

Tweet Processor

v1.0.1

Extract key insights from tweet URLs and categorize them into structured, formatted notes across tools, tech, design, people, and miscellaneous files.

0· 558·2 current·2 all-time
by@caqlayan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's purpose (extract tweet insights and append to notes) matches the files and README. However, the included process.js hard-codes a specific absolute path (/home/mediauser/.openclaw/workspace/tweet-notes) rather than using configurable or relative paths declared in the README/SKILL.md, which is an implementation mismatch and could cause unintended writes or no-ops on other systems.
!
Instruction Scope
SKILL.md instructs the agent to 'navigate to the tweet using browser automation' and append to tweet-notes/*.md. The process.js file contains only template console logs and does not perform navigation, extraction, or file writes. There's a gap between the runtime instructions and actual implementation; the instructions also assume permission to create/append files in the user's workspace.
Install Mechanism
No install spec is provided (instruction-only style). No external downloads or package installs are requested, which lowers risk.
Credentials
The skill requests no environment variables or credentials. That is reasonable. However, the hard-coded file path in process.js implicitly requires write access to a specific user workspace directory; this should be made configurable rather than baked in. There are no network endpoints or secret exfiltration signs in the code.
Persistence & Privilege
always:false and no evidence the skill modifies other skills or system-wide settings. The main privilege is the ability to write to the specified workspace path if the agent runs this code.
What to consider before installing
This skill is plausible but inconsistent and incomplete. Before installing: (1) review and fix process.js so the notes directory is configurable (via an env var or agent workspace relative path) instead of hard-coded to /home/mediauser/.openclaw/...; (2) confirm the agent's browser automation tool is available and how it will be invoked (the code currently only logs steps); (3) test in a sandbox to ensure it only writes to the intended tweet-notes folder and doesn't overwrite unrelated files; (4) prefer an explicit configuration/permission step that asks you to authorize the exact directory to modify. If you can't review or change the code, treat the skill as untrusted because it may attempt file writes in a user-specific path.

Like a lobster shell, security has layers — review code before you run it.

latestvk9705psyp0fjyzmynrzfbcfz2s81gb49

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments