Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Typefully
v0.1.0 · Create, schedule, and manage social media posts via Typefully. ALWAYS use this skill when asked to draft, schedule, post, or check tweets, posts, threads, or social media content for Twitter/X, LinkedIn, Threads, Bluesky, or Mastodon.
⭐ 0 · 750 · 2 current · 2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
Name/description match the included code and SKILL.md: this is a Typefully CLI/skill for drafting, scheduling, and publishing social posts. However, the registry metadata lists no required environment variables or primary credential, while both SKILL.md and scripts/typefully.js require a TYPEFULLY_API_KEY (or config files). The metadata omission is an inconsistency that could mislead users or automated reviewers.
Instruction Scope
The SKILL.md stays on-topic and explicitly forbids searching the system for credentials. The runtime instructions and the CLI implementation only read: (1) the TYPEFULLY_API_KEY env var, (2) ./.typefully/config.json in the working directory, and (3) ~/.config/typefully/config.json — all reasonable for a CLI that stores API keys. By default the skill calls the Typefully API endpoint to perform actions. There is no instruction to read unrelated system files or exfiltrate data, but the doc and code do reference other project files (e.g., CLAUDE.md / AGENTS.md) for “project context”, which is reasonable but grants the agent discretion to look at repo-local files.
Install Mechanism
There is no install spec (instruction-only installation), and the included script is a zero-dependency Node.js CLI that runs locally. This is a low-risk install model compared with downloading arbitrary archives. The skill will be executed via the provided script (allowed-tools).
Credentials
The skill requires an API key (TYPEFULLY_API_KEY) to function, but the registry metadata does not declare this required environment variable or a primary credential — a mismatch that reduces transparency. Additionally, the script supports overriding the API base via TYPEFULLY_API_BASE (useful for testing/self-hosting) but this override is not documented in the SKILL.md's 'Setup' section; an attacker or misconfiguration could point that to an arbitrary endpoint to intercept the API key. Overall, the environment access requested is reasonable for the stated purpose, but the lack of metadata declaration and the undocumented endpoint override create a proportionality concern.
Persistence & Privilege
The skill does not request permanent presence (always is false) and does not modify other skills or system-wide settings. It reads and writes only its own expected config paths (project-local and user-global Typefully config) which is typical for a CLI tool.
What to consider before installing
This skill appears to be a legitimate Typefully CLI wrapper, but there are two red flags you should consider before installing or running it:
1) Metadata mismatch: The registry entry does not declare the TYPEFULLY_API_KEY even though the SKILL.md and included script require it. Ask the publisher (or the skill source) to update the metadata to declare TYPEFULLY_API_KEY as a required credential so automated checks and users can see this up front.
2) Endpoint override: The script honors TYPEFULLY_API_BASE (for tests/self-hosting) but this is not documented in setup. If an attacker can set that environment variable, they could redirect API calls (and capture the API key). Before using, verify the skill's source (prefer an official Typefully-published package or GitHub org), inspect the included scripts yourself, and only set TYPEFULLY_API_KEY in a safe environment. If you must test this skill, run it in an isolated environment (container or dedicated test account) and avoid using your primary Typefully account until you are satisfied with the code and metadata.
If you need to proceed: confirm the skill's publisher identity, update metadata to include TYPEFULLY_API_KEY, and ensure TYPEFULLY_API_BASE is not set (or is set only to a trusted value). If you cannot confirm the source, treat it with caution.
latest: vk97aq98e4prfbf3773mhamp7rh8139rg
