Social Ops
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: social-ops Version: 0.0.13 The skill is a comprehensive social media automation framework that utilizes a role-based architecture. It is classified as suspicious due to high-risk capabilities including the automated installation and modification of system-level cron jobs via 'packaged-scripts/install-cron-jobs.sh' and the instructions for the agent to read arbitrary local files based on the 'Local-File-References.md' configuration (referenced in 'Writer.md' and 'Content-Specialist.md'). While these capabilities are aligned with the skill's stated purpose and the instructions include explicit safety constraints and guardrails (e.g., 'No private context leakage' and 'No cross-role work'), the combination of autonomous execution and broad file system access constitutes a significant security surface.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent can publish public posts from the account, which could affect reputation or disclose mistakes if the queued content is wrong.
The Poster role is explicitly authorized to publish to an external social platform. This is purpose-aligned, but it is a high-impact public action and the artifacts do not require a fresh human approval immediately before each publication.
Use Moltbook skill API. Post once.
Require manual review or approval before scheduled posting, keep the Todo queue curated, and verify the account identity and target submolt before enabling Poster runs.
After setup, the skill can continue running social-media roles on a schedule even when the user is not actively supervising the session.
The installer updates or creates enabled recurring OpenClaw cron jobs, including a Poster job that runs multiple times daily.
run_cmd openclaw cron edit "${existing_id}" ... --enable ... upsert_job "Moltbook Poster" "0 9,13,17,21 * * *"Run the installer with --dry-run first, inspect each cron message and schedule, namespace job names if needed, and keep a documented way to disable or remove the jobs.
A scheduled role may operate with the user's social account authority, including posting or replying, if credential access is available.
Scheduled jobs are instructed to authenticate with a credentials file, but the provided registry metadata declares no primary credential and the artifact does not bound the credential path, account scope, or approval flow.
- Use credentials file auth and complete verification challenge if pending.
Use a dedicated low-privilege Moltbook account or token if possible, document the credential file path and permissions, and avoid enabling scheduled jobs until credential scope is understood.
Future posts or strategy suggestions may be influenced by persistent notes or local files that the user did not intend to use.
The skill intentionally reuses persistent memory and optional local file references across runs. This supports the social workflow but can carry stale, private, or poisoned context forward if not curated.
`$SOCIAL_OPS_DATA_DIR/Content/Memory/writer.md` (producer/consumer: Writer; long-term creative memory) ... local files/directories referenced by `Local-File-References.md`
Keep SOCIAL_OPS_DATA_DIR separate from private files, keep Local-File-References small and explicit, and periodically review memory and logs.
Users may underestimate the setup requirements and the presence of a runnable helper script that changes OpenClaw cron configuration.
The registry metadata presents the skill as instruction-only with no required environment variables, while the artifacts include a cron installer and SKILL.md requires SOCIAL_OPS_DATA_DIR.
No install spec — this is an instruction-only skill. ... Code file presence: packaged-scripts/install-cron-jobs.sh ... Required env vars: none
Treat the cron installer as an optional privileged setup step, review it before running, and ensure metadata or local documentation accurately records required environment variables and dependencies.