Social Media Autopilot

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to generate social media calendars as advertised, but it uses a Gemini API key and includes an approval-gated step to schedule posts.

This skill looks safe for its stated purpose. Before installing, configure your own Gemini API key, review the dependency installation, avoid entering sensitive business data, and require explicit approval before any social posts are scheduled or published.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent has social media or scheduling tools, it may proceed to queue public posts after the user approves the calendar.

Why it was flagged

Scheduling social media posts can affect public brand accounts. The instruction requires approval, so it is purpose-aligned, but it should remain explicitly user-controlled.

Skill content

5. **Schedule posts**: Once approved, use the calendar to schedule posts in the optimal windows.

Recommendation

Require explicit confirmation of the final captions, platforms, dates, and target accounts before scheduling anything.

What this means

The skill needs access to a Gemini API key to work, and usage may incur provider costs under that key.

Why it was flagged

The script reads a local Gemini API key from a specific .env file and uses it to authenticate with Gemini.

Skill content

load_dotenv(Path("/Users/edwin/.openclaw/workspace/dreams-arts/.env")) ... GEMINI_API_KEY = os.getenv("GEMINI_API_KEY")

Recommendation

Use your own least-privileged Gemini API key, store it securely, and verify the hardcoded .env path is appropriate for your environment.

What this means

Users may install whatever version of the dependency is current at setup time.

Why it was flagged

The skill relies on an external pip package without a pinned version or install spec. This is normal for a Gemini integration but less reproducible.

Skill content

`google-generativeai` package (`pip install google-generativeai`)

Recommendation

Prefer pinned dependency versions and review installed packages before running the script.

What this means

Business or campaign details entered into the generator may be transmitted to Gemini for content generation.

Why it was flagged

Brand, niche, audience, and tone details are included in prompts sent to the Gemini provider.

Skill content

BRAND: {brand}\nNICHE: {niche}\nTARGET AUDIENCE: {audience} ... response = self.model.generate_content(prompt,

Recommendation

Avoid entering confidential launch plans, customer data, or other sensitive business information unless you are comfortable sending it to Gemini.