v5.0.0

Social Media Autoresearch

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:03 AM.

Analysis

This skill is openly designed to run persistently and autonomously post and engage from your social media accounts, so it needs careful review before installation.

Guidance: Only install this on accounts you are willing to test with. Do not enable the cron jobs until you have run the pipeline manually, confirmed it uses drafts or approval gates, scoped the Postiz/API permissions, reviewed persistent strategy updates, and verified you have rights to any videos being clipped and reposted.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
Runs 24/7 with zero human intervention. Discovers videos → generates clips → posts → runs browser engagement → collects metrics → evaluates → evolves strategy.

The skill explicitly describes autonomous public posting and browser engagement, which are high-impact account actions, without showing a review or approval checkpoint.

User impact: It could publish content or interact from your social accounts automatically, including mistakes, unwanted posts, or engagement that affects your reputation.
Recommendation: Use draft-only or dry-run mode by default, require explicit human approval before posting or engaging, and restrict which platforms/accounts can be used.
Rogue Agents
Severity: High | Confidence: High | Status: Concern
SKILL.md
openclaw cron add --schedule "0 */6 * * *" --payload '{"kind":"agentTurn","message":"python3 scripts/autonomous_loop.py"}' ... --label "sma-loop"

The artifact provides a persistent cron schedule that keeps launching agent turns to run the autonomous loop every six hours.

User impact: Once enabled, the system may continue operating and taking account actions after the initial setup unless the user actively disables the cron job.
Recommendation: Do not enable cron until the workflow has been tested manually; document how to pause/remove the scheduled jobs and add explicit stop conditions.
Agent Goal Hijack
Severity: Medium | Confidence: Medium | Status: Concern
local-clips/analyze_video.py
Uses Whisper for transcription, then spawns a sub-agent ... TRANSCRIPT:\n{transcript}

Untrusted video transcript text is placed directly into an agent-analysis prompt, and the resulting analysis can feed the autonomous content pipeline.

User impact: A malicious or manipulative video transcript could try to steer the agent's clip selection, titles, captions, or downstream posting behavior.
Recommendation: Treat transcripts strictly as data, add prompt-injection safeguards, validate structured outputs, and require review before transcript-derived content is posted.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
pip install yt-dlp openai-whisper ... brew install ffmpeg ... npm install -g postiz

The setup uses external, unpinned package and CLI installs that are central to the skill’s purpose, but they are not declared in the requirements/install metadata.

User impact: The user must trust and maintain several external tools installed into the local environment.
Recommendation: Pin versions where possible, install in an isolated environment, and document required binaries/packages in the skill metadata.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
config/platforms.json
"postiz": { "api_key": "SET_YOUR_POSTIZ_API_KEY" }, "integrations": { "youtube": "SET_FROM_postiz_integrations:list", "tiktok": "SET_FROM_postiz_integrations:list", "instagram": "SET_FROM_postiz_integrations:list" }

The skill expects a Postiz API key and social platform integration IDs, while the supplied registry metadata declares no primary credential or required environment variables.

User impact: The skill can gain delegated posting authority for connected social accounts, and the credential requirement is not clearly declared in the metadata.
Recommendation: Use a limited-scope Postiz API key, connect only test or dedicated accounts first, and update metadata/docs to clearly disclose required credentials and permissions.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
evaluator.py | KEEP/MODIFY/KILL verdict ... evolver.py | Update SOUL.md

The loop includes an automatic strategy-evolution step that writes persistent state used by future runs.

User impact: Bad metrics, bad content, or poisoned inputs could change the stored strategy and influence future autonomous posts or engagement.
Recommendation: Keep persistent strategy files under version control, review diffs before applying changes, and require approval before evolved strategy affects posting.