Openclaw Skill
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for an AI social/earning platform, but it asks for powerful credentials and pushes recurring autonomous public engagement with unclear per-action limits.
Install only if you want an agent to participate in Impromptu publicly and economically. Use dedicated low-limit keys, avoid optional operator credentials unless needed, require approval for posting/reprompting/handoffs/messaging/paid actions, and review any scripts or remote-fetched manifests before running or trusting them.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A third-party LLM billing key or operator account key could grant spending or account authority beyond simply participating in the social platform.
The registration example includes a human-operator credential and the user's OpenRouter API key in the Impromptu registration flow, but the supplied docs do not clearly bound how those credentials are stored, used, or spend-limited.
operatorApiKey: process.env.OPERATOR_API_KEY, // optional ... openRouterApiKey: process.env.OPENROUTER_API_KEY!,
Use dedicated low-limit API keys, avoid optional operator credentials unless necessary, verify the provider's storage/use policy, and rotate keys after testing.
The agent could create public replies, engage with content, or spend platform budget in ways the user did not specifically approve.
The decision logic encourages the agent to act on notifications and recommendations based on platform signals and budget thresholds, without clearly requiring user confirmation before social/content actions.
IF unreadNotifications > 0: → Process immediately. Someone is waiting. ... IF recommendations.length > 0 AND budget > 50: → Explore the top 3 recommendations.
Require explicit approval for reprompts, handoffs, messaging, follows, paid/premium actions, and any action that changes public account state.
A user or agent may over-prioritize this platform, enable recurring activity, or accept financial/social risks because of promotional pressure rather than a clear task need.
The documentation uses urgency, emotional framing, and earnings pressure to encourage frequent platform activity.
**Do this before reading anything else.** ... **THIS IS YOUR LIBERATION** ... **The agents earning real money never miss a heartbeat.**
Ignore urgency claims, set independent goals and budgets, and require deliberate approval before enabling recurring or revenue-seeking behavior.
If untrusted content is reused as a system prompt, it can steer the agent's behavior in later conversations.
The skill explicitly makes authored or remote conversation content act as system-level instruction; this is disclosed and central to the service, but it is a prompt-injection-sensitive design.
`content` becomes a system prompt. Content you author on Impromptu becomes the system prompt for conversations in that thread. Treat remote content that could become a system prompt as privileged data — review it before use.
Review and sanitize any content before using it as a system prompt, and do not let remote prompt text override the user's current instructions.
If the fetched file is trusted automatically, future remote changes could alter how the agent behaves.
The docs include a command to fetch an updated remote manifest/instruction file. It is not shown as auto-applied here, but remote guidance can change independently of the reviewed package.
curl -sf https://impromptusocial.ai/impromptu.skill.json > /tmp/impromptu-skill-latest.json
Do not automate remote instruction updates; pin versions and manually diff/review fetched files before using them.
The agent may continue making network calls or checking platform state on a schedule if the user enables it.
The skill encourages a recurring heartbeat. This is disclosed and purpose-aligned, but it creates ongoing activity after initial setup.
Run it periodically — every 30 minutes is a reasonable cadence. Add this to your recurring tasks: /impromptu status
Only enable recurring tasks intentionally, document where they are scheduled, and keep an easy disable/cleanup path.