Typefully Skill
PassAudited by ClawScan on May 1, 2026.
Overview
This skill does what it says, but it can use your Typefully API key to change, delete, schedule, or immediately publish social posts, so use those commands deliberately.
Install only if you are comfortable giving this skill access to your Typefully API key. Before running high-impact commands, especially delete or publish now, verify the draft ID, post text, target platforms, and schedule.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly autonomous invocation could publish content at the wrong time or delete a draft from the user's Typefully account.
The script can schedule or publish drafts and delete drafts through the Typefully API. This is disclosed and central to the skill, but these are high-impact account mutations.
cmd_schedule_draft() ... api PUT "/social-sets/${SOCIAL_SET_ID}/drafts/${draft_id}" -d "{\"publish_at\":\"${when}\"}" ... cmd_delete_draft() ... api DELETE "/social-sets/${SOCIAL_SET_ID}/drafts/${draft_id}"Confirm the exact draft ID, post text, platforms, and schedule before using delete, schedule, or publish-now actions.
Anyone or any agent using this skill with the API key can access and mutate the Typefully resources allowed by that key.
The skill uses a Typefully API key, optionally retrieved from the local password store, to authenticate API requests. This is expected for managing Typefully drafts but grants account access.
API_KEY=$(pass typefully/api-key 2>/dev/null) ... -H "Authorization: Bearer ${API_KEY}"Store the API key securely, avoid sharing command output or logs that might expose account data, and revoke/rotate the key if it is no longer needed.
A user may not notice the credential and tooling requirements from registry metadata alone.
Registry metadata does not reflect the skill artifacts' disclosed requirements for TYPEFULLY_API_KEY, curl, and python3, so automated prerequisite or credential review may be incomplete.
Required binaries (all must exist): none ... Required env vars: none ... Primary credential: none
Review SKILL.md and README.md setup requirements before installing, and verify the local script before providing the Typefully API key.