Twitter Thread Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a simple Twitter thread generation skill, but it asks for an OpenAI API key and references a script that is not included.
Before installing, confirm where the missing thread_gen.py script comes from and review it before running. Only provide an OpenAI API key you are comfortable using for this purpose, and be aware that generated-topic prompts may be sent to the AI provider.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may need to supply or obtain missing code separately, which would not be covered by this artifact review.
The skill uses a manual, unpinned package install and references a local script that is not present in the provided file manifest. This is a provenance/completeness issue, but the commands are user-directed and no hidden or automatic execution is shown.
pip install openai ... python thread_gen.py --topic "5 tips for fitness" --length 10
Verify any missing script before running it, and prefer pinned, documented dependencies.
Using this skill may consume OpenAI account quota or incur API costs.
The skill declares use of an OpenAI API key, which is expected for AI-generated text but still grants access to a paid external service.
"requires": {
"env": ["OPENAI_API_KEY"],
"bins": []
}Use a restricted API key if possible and avoid entering sensitive topics unless you are comfortable sending them to the AI provider.