Skill v1.0.1

ClawScan security

Threads Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 6:20 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The SKILL.md's instructions match a Threads automation tool, but the bundle contains no code and the runtime steps ask the agent to control your browser, delete cookies, and read/write local config files — behaviors that warrant caution before installing.
Guidance
This package is instruction-only: it does not include the scripts it tells you to run. Before using/installing:
- Review the upstream GitHub repository (homepage) and inspect the referenced scripts (scripts/cli.py, chrome_launcher.py, reply_assistant.py, filter-comment.py) — do not run unknown scripts.
- Be aware these tools control Chrome via CDP and can access your logged-in sessions, cookies, and browser state. If you proceed, run them in an isolated browser profile or VM and back up important cookies/profile data first.
- The skill will delete cookies (delete-cookies) and write/read files under your home directory (~/.threads*). Confirm where state and credentials are stored and whether API keys or tokens might be written in plaintext.
- Understand what the 'uv' binary is on your system (examples use 'uv run ...') and only install it from a trusted source. On macOS the skill suggests installing tkinter via Homebrew; only install packages you trust.
- If you need the automation, clone the GitHub repo and audit scripts for network calls, credential handling, and file I/O before granting any API keys or running commands.
Given the missing code and the sensitivity of browser/session operations, proceed only after manual review and with isolation (separate profile/VM) — do not blindly grant this skill access to your primary browser profile or secrets.

Review Dimensions

Purpose & Capability
note: The name and description (Threads automation) align with the runtime commands (Chrome CDP, posting, liking, searching). However, the skill bundle contains no code files; the instructions expect local scripts (scripts/cli.py, chrome_launcher.py, etc.) that are not provided in the package. The declared required binaries (python3, uv) correspond to the examples, but 'uv' is uncommon and not explained.
Instruction Scope
concern: The instructions direct the agent to launch Chrome's debug port and run local scripts that will interact with the browser, delete cookies (delete-cookies), manage account data, and read/write files under the home directory (e.g., ~/.threads/replied_posts.json, ~/.threads-filter-comment.json, and temporary JSON files). They also reference optional AI API credentials (api_url / api_key / model) for the filter step. These actions can expose or modify browser session data and local files; while coherent with an automation tool, they are sensitive operations and the skill gives broad discretion to run arbitrary local scripts.
Install Mechanism
note: There is no install spec in the bundle (instruction-only), so nothing is written by the skill itself — lowest install risk. However, the README instructs installing tkinter on macOS via 'brew install python-tk' and using an unexplained 'uv' binary to run scripts; these external dependencies and the missing code repository must be obtained separately (the homepage points to a GitHub repo).
Credentials
concern: The skill declares no required environment variables, yet the instructions reference optional AI credentials (api_url/api_key) and persistent local config files that may store secrets. The skill will read and write files under the user home (config and replied-posts cache) and may interact with browser cookies and sessions — operations that are sensitive but not explicitly surfaced as required credentials in the registry metadata.
Persistence & Privilege
note: always:false (good). The skill expects to persist state locally (e.g., ~/.threads/replied_posts.json and ~/.threads-filter-comment.json) and will control a running Chrome instance via CDP. Autonomous invocation is allowed (default) — combined with browser control this increases possible impact, but autonomous invocation alone is the platform default and not a standalone flag.