Skill v1.0.3

ClawScan security

threads-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Apr 17, 2026, 6:24 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior matches a Threads automation tool in principle, but the SKILL.md expects and manipulates local scripts, browser cookies, and optional AI API credentials that are not supplied or declared, which is inconsistent and warrants caution.
Guidance
This skill appears to be a CLI-based Threads automation tool, but the package contains only instructions (no scripts). Before using it:
1) Inspect the code on the linked GitHub repository and verify the scripts referenced by SKILL.md (scripts/*.py, chrome_launcher.py, reply_assistant.py) — do not run unknown scripts.
2) Confirm what the 'uv' binary refers to and whether you need to install it; SKILL.md uses 'uv run' but metadata only lists python3 and uv, and also mentions brew for tkinter without declaring it.
3) Be cautious about allowing access to your browser cookies or running delete-cookies/login flows — these touch sensitive authentication state.
4) If you plan to use the optional AI features, keep API keys out of world-readable files and prefer to supply credentials via secure environment variables or a credential manager; ask the publisher where credentials are stored and how they're transmitted.
5) Prefer running the tool in an isolated environment (VM/container) and audit the network calls that the actual scripts make (especially external api_url endpoints) before granting any secrets or running automated posting actions.

Review Dimensions

Purpose & Capability
note: The name/description (Threads automation) matches the runtime commands (login, post, like, search, batch reply). However, the instructions rely on local Python scripts (scripts/*.py) and a 'uv' CLI that are not included in the skill bundle. The SKILL.md also references installing tkinter via brew (macOS), although brew is not listed as a required binary in metadata. Requiring 'uv' without explanation is unexpected.
Instruction Scope
concern: The instructions tell the agent/user to launch a local Chrome debug instance, read and delete cookies, write and read local files (e.g. ~/.threads/replied_posts.json, ~/.threads-filter-comment.json, /tmp JSON files), and run many scripts that could post or scrape content. They also enable optional AI integration (api_url/api_key/model), implying external API calls and storage of credentials in local config, none of which are declared as required env vars. Because the actual scripts are not present, it's unclear what those scripts do — the SKILL.md gives broad permission to access browser state and local files, which is sensitive and not fully justified by the metadata.
Install Mechanism
note: There is no install spec (instruction-only), which is lower risk for arbitrary installs. However, the runtime assumes local project files and a 'uv' binary; absent those, a user or agent might attempt to fetch/clone code from the declared homepage. The homepage is provided, but the skill does not instruct or declare a verified, trusted install source or release checksum.
Credentials
concern: requires.env is empty, but the SKILL.md references optional AI credentials (api_url, api_key, model) and storing them in a config file. The skill will access browser cookies and session state (delete-cookies, login flows) and write files under the user's home directory. Requesting or storing API keys or accessing browser cookies are sensitive operations and should be explicitly declared; here they are not.
Persistence & Privilege
note: The skill is not always-enabled and does not claim privileged platform-wide changes. It does expect to create and maintain local state files (~/.threads/*, /tmp/*) and a replied-posts record, which is reasonable for this application. Autonomous invocation is allowed by default (normal), but combined with the other concerns this increases the potential impact.