Social Media Marketing Hub
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: social-media-marketing-hub
Version: 8.3.1
The skill bundle provides a social media marketing tool but exhibits high-risk behaviors. It uses `child_process.exec` and `execSync` to invoke system commands such as `curl`, `ffmpeg`, `whisper`, and `google-chrome` via string concatenation, which introduces significant shell injection vulnerabilities (notably in `scripts/marketing_hub.js`). The script also manages `Xvfb` display servers and requests broad permissions for network and filesystem access. While these functions support the stated goals of video transcription and browser-based scraping, the implementation lacks proper input sanitization, posing a risk of arbitrary command execution if the external API (e.g., `api.tikhub.dev`) returns malicious data.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
TikHub or DeepSeek API keys could be exposed to anyone who can see command output or logs.
The documented config command takes API keys, and this code prints those key values to stdout, where they may be captured in terminal or agent logs.
console.log(' export TIKHUB_TOKEN=' + (tikhubToken || '你的Token'));
console.log(' export DEEPSEEK_KEY=' + (deepseekKey || '你的Key'));
Use environment variables instead of the config command, mask secrets in output, and update metadata to clearly declare the required credentials.
Running browser analysis could disrupt other local GUI/browser jobs on the same machine.
Browser mode uses shell execution and kills any matching Xvfb process rather than only a skill-owned process.
execSync('pkill -f "Xvfb :[0-9]*" 2>/dev/null; sleep 1', { stdio: 'ignore' });
Avoid broad `pkill`; track and clean up only processes started by this skill, and document the browser-mode side effects clearly.
A crafted keyword containing path separators could write JSON files outside the intended memory folder.
The user-provided keyword is used directly in a filesystem path without visible sanitization or containment checks.
const file = path.join(MEMORY_DIR, `${keyword}.json`);
...
fs.writeFileSync(file, JSON.stringify(merged, null, 2));
Sanitize keywords for filenames, reject path separators, resolve the final path, and verify it remains inside the memory directory before writing.
Past analysis data and keywords remain on disk and may influence later generated titles or scripts.
The skill intentionally persists analysis results and reuses them across future outputs.
`analyze / a / product / author` results are stored in `scripts/memory/<keyword>.json` ... All analysis results accumulate; the more you analyze, the better the AI understands your niche.
Do not analyze confidential topics unless you are comfortable storing them locally; periodically review or delete the memory files.
Users may have to rely on a manually cloned repository without strong registry provenance.
The registry metadata does not provide a source/homepage/install spec even though the docs instruct cloning an external GitHub repository.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify the GitHub repository and version before use, and prefer a pinned or registry-declared source.
