ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Social Autopilot

v1.4.0

Autonomously manage and post varied, platform-optimized social media content across X, Instagram, YouTube, and Meta using smart scheduling and data-driven th...

0· 102·0 current·0 all-time
by@humsafarprabhu-cmyk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to be an instruction-only autoposter in the registry metadata, but the package actually includes 16+ Python scripts that implement posting, video generation, R2 upload, and OAuth handling. Registry metadata lists no required environment variables while SKILL.md and the code require many platform credentials (X/Twitter, Instagram Graph API, Meta page, YouTube OAuth client_secrets, Cloudflare R2). This mismatch between declared metadata and actual requirements is an incoherence and could mislead users installing the skill.
Instruction Scope
SKILL.md instructs the agent to operate autonomously (generate posts, upload videos, schedule posts) and to modify local files for branding (search/replace {BRAND_NAME}/{BRAND_URL}). The included scripts read and write local CSVs, generate media, upload to R2, call platform APIs, and mark CSV rows as posted. That behavior is consistent with the stated purpose, but the explicit requirement that users edit scripts and the presence of load_dotenv means the skill will read local .env files — exercise caution because that can expose other local secrets if .env is shared.
Install Mechanism
There is no install specification (no declared package installation flow) even though the repository contains substantial Python code that depends on many packages (tweepy, moviepy, google clients, boto3, etc.). This is not inherently malicious, but it is inconsistent: the skill will require installing the listed Python packages and possibly fonts and template assets before use. The lack of an explicit install routine increases the chance an installer will miss prerequisites.
!
Credentials
The set of credentials the SKILL.md lists (X API keys/tokens, Instagram Graph tokens and app secret, Meta Page token/ID, YouTube OAuth client_secrets, Cloudflare R2 keys) are sensitive and grant posting/upload capability. Those credentials are proportionate to an autoposter's functionality, but the registry metadata incorrectly shows no required env vars and thus understates the required secrets. Additionally, the code uses dotenv to load .env files, which can pull in unrelated secrets if present — verify what you're exposing and prefer dedicated, minimal-scope tokens/accounts.
Persistence & Privilege
The skill is not force-included (always:false) and uses the platform-default ability to be invoked autonomously. That autonomy plus the ability to post across multiple platforms increases blast radius if credentials are compromised. There is no evidence the skill tries to modify other skills or system-wide settings; its file writes appear limited to content CSV updates, logs, and temporary media files.
What to consider before installing
This skill appears to implement what it claims (autonomous posting, video generation, R2 hosting), but there are important things to check before installing or providing credentials: 1) Metadata mismatch: The registry metadata omits required environment variables while SKILL.md and the code require many sensitive tokens. Treat the SKILL.md and the code as the source of truth. 2) Run in a sandbox: Test the skill in an isolated environment (VM or container) and a Python virtualenv so you can safely install dependencies and inspect behavior without exposing your main accounts. 3) Use dedicated, limited-scope accounts/tokens: Create test or throwaway social accounts and R2 bucket and generate tokens with the minimum permissions needed (posting/upload only if possible). Avoid giving long-lived or primary-business account tokens until you trust the code. 4) Inspect and test dry-run first: Use the skill's dry-run option and review generated outputs (videos, captions) before letting it post. Verify mark_as_posted updates only the intended CSV and that no unexpected network calls occur. 5) Review OAuth and secrets handling: YouTube uses an OAuth client_secrets.json and browser flow — confirm where that file is stored and that it isn't uploaded anywhere. The code loads .env (load_dotenv) — ensure your .env doesn't contain unrelated secrets. 6) Check logging and cleanup: Logs may record filenames and public URLs; avoid printing full tokens. Be prepared to rotate any tokens used for testing. 7) Verify provenance: The README and clawhub.json reference a GitHub repo (abhinawtech/social-autopilot). If possible, pull the code directly from a verifiable upstream repository (review commit history, issues) rather than trusting an anonymous package snapshot. If you want, I can help by listing exact files and lines to inspect for network endpoints or by generating a checklist of minimum token scopes for each platform.

Like a lobster shell, security has layers — review code before you run it.

latestvk978sdw5kerx2k83r931s9kwk5836zvj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments