social-auto-tool-builder-1.1.0
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent instruction-only builder, but it asks the agent to create social-media auto-repliers that reuse saved login sessions and can send replies on a schedule.
Install only if you are comfortable building a local tool that can use a saved social-media login and post replies. Before using live mode, isolate the browser profile, inspect generated scripts, keep dry-run on by default, set small reply limits, and confirm exactly what will be sent.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated tool could continue acting as the logged-in social-media account, including posting replies, using saved session credentials.
The generated automation is instructed to persist and reuse browser login state for social-media accounts, but the artifact does not specify where that state is stored, how long it is retained, how it is isolated, or how users can revoke it.
Python + Playwright(persistent_context) ... 用 persistent_context 保存登录状态
Use a dedicated browser profile and low-risk account, define the session storage path and cleanup process, avoid sharing the profile or packaged EXE, and require explicit user approval before any real posting.
If enabled, the generated tool may post replies publicly or to other users under the user's account.
The skill explicitly supports real automated sending after a dry-run and confirmation. This is purpose-aligned, but it mutates public/social account content and should be tightly controlled.
dry-run:列出候选不发送 - 用户确认后真实发送 - 必须等待成功信号
Keep dry-run as the default, review every candidate batch before enabling live sends, set conservative max-replies and time windows, and log what was sent.
After launch, the generated tool may keep checking and replying without further prompts unless the implementation adds stopping and confirmation controls.
The documented EXE parameter mode can run on an interval and repeatedly process replies. It is disclosed and purpose-aligned, but it creates ongoing autonomous activity.
.\dist\auto_responder.exe --platform xiaohongshu --interval-minutes 5 --recent-hours 2 --max-replies 3
Require an obvious stop mechanism, show live/send mode clearly, keep per-run caps, and consider requiring renewed confirmation before each live batch.
Running an unreviewed generated build script could execute local commands beyond packaging if the generated project is unsafe.
The skill documents running a generated PowerShell build script with ExecutionPolicy Bypass. This is a user-directed packaging step, not automatic execution, but users should inspect the generated script first.
powershell -ExecutionPolicy Bypass -File .\build_exe.ps1
Review build_exe.ps1 and dependencies before running, avoid elevated shells unless necessary, and prefer pinned dependencies.