PublishGuard — Post Verification & Credential Manager
WarnAudited by ClawScan on May 10, 2026.
Overview
PublishGuard’s purpose is coherent, but it handles persistent platform credentials and includes a plaintext credential store despite promising that tokens are never stored in plaintext.
Only install this if you are comfortable reviewing and controlling its credential storage. Before adding real tokens, confirm it uses the encrypted vault path rather than publish_guard_creds.json, check file permissions, and periodically delete or redact audit logs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A local file, backup, or another tool with workspace access could expose API tokens or account credentials that let someone post as the user.
The included CredentialStore persists platform auth values to a JSON file without visible encryption or restrictive file permissions, even though these credentials can grant posting/account authority.
store_path = os.path.join(workspace, "the-alpha-oracle", "vault", "publish_guard_creds.json") ... self._data[platform][key] = value ... json.dump(self._data, f, indent=2)
Remove or clearly disable the plaintext credential store, use the encrypted vault or an OS keychain consistently, declare credential/config paths in metadata, and require explicit user approval before storing or using account credentials.
Users may store sensitive tokens believing all credential storage is encrypted, when one included storage path is visibly plaintext.
This strong safety claim conflicts with the included publish_guard.py CredentialStore, which saves credential values with json.dump to publish_guard_creds.json. Users may overtrust the credential safety posture.
API keys and tokens are **never stored in plaintext**. PublishGuard includes `VaultCrypto`, a built-in encryption engine
Replace absolute claims with accurate documentation, remove legacy plaintext paths, and clearly state which storage mechanism is used by default.
Publishing history and some content details may remain on disk and be visible to later agent sessions or local tools.
The skill intentionally persists post and verification history. This is purpose-aligned, but the logs may contain URLs, titles, content previews, diagnoses, or other sensitive publishing details across sessions.
Audit Trail | JSONL log of every post attempt and verification ... Posts and verifications are logged to: memory/publish_audit/posts_YYYY-MM-DD.jsonl
Document retention clearly, allow users to disable or purge logs, and avoid logging secrets or full private draft content.