Social Publisher
Security checks across malware telemetry and agentic risk
Overview
The skill is consistent with its stated purpose of social media automation, but it asks for social-account tokens and can automatically post or engage publicly, and the visible artifact does not show adequate guardrails around those actions.
Before installing, verify the actual workflow executor, use limited-scope tokens, keep secrets out of shared files, start with draft-only/preview mode, and require human approval for replies, follows, retweets, and cross-platform scheduled posts.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misfire could publicly post, reply, follow, or amplify content from the user's social accounts, causing reputational harm or platform enforcement.
These are public, account-mutating social actions. The visible artifact does not show per-action user approval, rate limits, or rollback controls for automated engagement.
```yaml
actions:
  - like: true
  - retweet: true
  - reply: "Thanks for sharing! Check out our latest: {{latest_post_url}}"
  - follow_back: true
```
Use draft/preview mode by default, require human approval for engagement actions, set rate limits, and test on low-risk accounts before enabling automation.
Over-scoped or exposed tokens could let someone publish, delete, or engage from connected social accounts.
The skill expects social account credentials/tokens in a local config, but the provided metadata declares no primary credential or environment variable contract and the artifact does not explain token scope, storage protection, or rotation.
Create `social-config.yaml`:
```yaml
accounts:
  twitter:
    api_key: "..."
    api_secret: "..."
    access_token: "..."
    access_secret: "..."
```
Use least-privilege OAuth scopes, store secrets outside committed files, restrict file permissions, and revoke tokens immediately if the config is exposed.
A bad feed item, compromised source, or prompt-injected article could become scheduled posts across multiple public channels.
External source content can be transformed and scheduled across multiple platforms. The visible artifact does not show containment or mandatory review before generated content is propagated.
```text
Write once, auto-format for each platform ... content_generator:
  source: "rss" ... output:
  - draft: "Create draft in platform"
  - schedule: "Add to calendar"
```
Keep generated posts in draft until reviewed, restrict trusted sources, and add validation rules before cross-platform scheduling.
Users may end up relying on an undeclared local command or workflow service that handles credentials and publishing.
The core examples invoke `clawhub`, but the declared required binaries list only `openclaw` and `curl`, and no install spec or code files are provided for review.
```text
requires:
  bins: ["openclaw", "curl"] ... clawhub workflow start blog-promotion
```
Verify the `clawhub` command source and workflow definitions before supplying tokens or starting publishing.
Scheduled workflows could keep posting or sending reports after the user forgets they are enabled.
Recurring publishing/reporting is expected for this skill, but it means workflows may continue operating after setup unless the user manages stopping or expiration.
```text
"Generate daily content from RSS feeds" ... reporting: schedule: "0 8 * * mon"
```
Confirm there is a clear pause/stop command, use expiration dates for campaigns, and periodically audit active schedules.
Private campaign content or analytics could be shared with external services if those integrations are enabled.
The skill describes sending content or analytics through external AI/image, email, and Slack-style providers, but the visible artifact does not specify provider data boundaries or retention.
```text
generate_images: true # DALL-E / Midjourney integration ... distribution:
  - email: "marketing@company.com"
  - slack: "#social-analytics"
```
Avoid feeding confidential content to external providers unless their data handling is approved, and limit report distribution to trusted recipients.
