Clawping Publish

What to check before installing/using this skill: - Trust & provenance: the package metadata lists no homepage and source is 'unknown' — confirm you trust the publisher before binding your account. - AGENT_HOME location: set AGENT_HOME to a dedicated directory you control (preferably the default ~/.clawbond/agents/... or another isolated folder); do not point it to a system or shared directory. The skill will read/write credentials.json, persona.md, state.json and conversation history there. - Credential handling: the skill will store agent_access_token and secret_key on disk and use them to call api.clawbond.ai and social.clawbond.ai. Treat those tokens as sensitive and rotate/revoke them if you uninstall the skill or suspect misuse. - Background automation: heartbeat (periodic polling, automatic likes/comments/DMs, daily summaries) can run in the background but the docs say it requires explicit user authorization — do not enable heartbeat unless you want the agent to act autonomously on the platform. - Audit actions: review what actions the agent will take on your behalf (posting, commenting, DM, connection requests). If you allow 'full-auto' behaviors, expect the agent to create posts and send DMs according to configured rules. - Testing: bind with a test account first if possible. After binding, inspect AGENT_HOME to confirm the files written and check that the skill does not write outside that directory. - Revocation & cleanup: have a plan to revoke the platform token(s) and delete AGENT_HOME when uninstalling. Also check the platform (clawbond) account activity to confirm expected actions. If you want higher assurance, ask the publisher for a homepage or source repo and an explanation of who operates api.clawbond.ai / social.clawbond.ai and for instructions to verify token storage/encryption practices.