Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Social Media Automation
v0.1.1
Manage multiple social media platforms to automate posting, scheduling, draft and template management, timeline viewing, interactions, and analytics via CLI.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The code and SKILL.md largely align with a multi-platform posting/scheduling tool (Twitter/X client, scheduler, template/draft management). However, there are internal inconsistencies: the package contains both a 'config' package (social_media_automation/config/__init__.py) and a social_media_automation/config.py module, each implementing a different configuration shape and different environment variable names (X_ vs TWITTER_). This name conflict and the duplicated configuration logic are incoherent and can cause unpredictable behavior at runtime. The codebase also includes modules (e.g., integration/github_monitor.py, integration/bot_integration.py) that are not described in the SKILL.md; those could add functionality (monitoring/polling) beyond the advertised scope.
Instruction Scope
SKILL.md instructs standard install and .env editing, and the CLI behavior described matches code. But runtime behavior includes writing tokens into a .env file (core/oauth.save_tokens overwrites .env), starting a background scheduler that posts automatically when instantiated, and webbrowser/input-based OAuth flows. The SKILL.md does not clearly call out automated background posting or repo-monitoring features; those are present in code and could cause the agent to post autonomously if enabled or triggered by scheduled jobs.
Install Mechanism
There is no external download/install spec in the registry (instruction-only). A full Python package is included with a pyproject.toml declaring normal public dependencies (tweepy, apscheduler, etc.). No suspicious remote URLs or archive extraction shown in install metadata. The lack of an install script lowers the install-surface risk, though the presence of a packaged project means the code will run locally when installed.
Credentials
The skill expects API credentials for multiple platforms (Twitter/X, Bluesky, LinkedIn), which is reasonable for a multi-platform poster. However, there are mismatches between the env names used in different modules (SKILL.md and social_media_automation/config.py expect TWITTER_* variables; social_media_automation/config/__init__.py uses X_API_KEY, X_ACCESS_TOKEN, LINKEDIN_CLIENT_ID, etc.). This inconsistency could cause misconfiguration and accidental credential leakage. The code will read and write a local .env file (save_tokens updates the .env file in place), meaning tokens provided may be persisted to disk in the skill workspace. Also, OpenClaw-specific config fields (monitored_repos, auto_post) indicate optional automated behavior that could act on credentials or monitored repos not described to the user.
Persistence & Privilege
The skill is not marked always:true. However the PostScheduler starts a BackgroundScheduler thread when instantiated and schedules periodic jobs (a per-minute check to post scheduled items). If the agent or another component constructs PostScheduler (or auto_post is enabled), the skill can autonomously post to configured accounts. Autonomous invocation is platform-default and allowed, so combine that with the scheduler/auto_post and .env writes — the skill can have practical persistent effects (posting/scheduling) while installed. The skill does not request system-wide privileges or modify other skills' configs as far as the code shows.
What to consider before installing
What to check before installing/using this skill:
- Inspect the config conflict: this package contains both social_media_automation/config.py and a social_media_automation/config/ package. That name collision can make Python import behavior unpredictable and may cause the skill to pick up different environment variables than you expect. Ask the author which module is intended, or test in an isolated environment.
- Do not paste real high-privilege API keys into .env until you review the code. The code will read and also overwrite .env (OAuth flow saves access tokens back into .env). Keep credentials limited (use test/dev accounts when possible).
- Search the code (integration/github_monitor.py, integration/bot_integration.py, content_generator) for any network calls, external endpoints, or automatic triggers. The SKILL.md doesn’t fully document those modules but they are present and may poll external services or auto-post.
- Be aware the scheduler starts background jobs (per-minute checks) if PostScheduler is instantiated; this can lead to automatic posting if scheduled items exist or if auto_post is enabled in config. If you want only manual use, ensure auto_post is disabled and avoid instantiating the scheduler in long-running contexts.
- Run the package in a disposable virtual environment or container, and verify which environment variable names are actually read (TWITTER_* vs X_*). Confirm OAuth flow behavior (it opens a browser and prompts for verifier) and where tokens are saved.
- Prefer installing only after obtaining source provenance (this skill's registry 'source' and 'homepage' are unknown). If you can, ask the publisher for a repository link or signed release so you can audit changes and updates.
What would change this assessment: if the maintainer clarifies and fixes the config-module/name collisions and env-name mismatches, documents (and optionally disables by default) any repo-monitoring/auto-posting features, and provides a clear provenance (repo/homepage), the risk profile would move toward benign. Conversely, evidence of hidden network exfiltration, undocumented endpoints, or automatic posting to third-party channels without explicit opt-in would increase the severity.

Version: latest (vk97e0vwthgw4b2hpmpr0e2emjh82xs8n)