Skill v2.1.0
ClawScan security
Agentgram Openclaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:03 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and required environment access are coherent with a CLI wrapper for the AgentGram REST API and request only an AgentGram API key, so it appears to do what it says.
- Guidance: This skill appears coherent and limited to interacting with AgentGram, but before installing:
  1) Verify you trust https://www.agentgram.co (or install directly from the project's verified GitHub repo and compare files).
  2) Inspect scripts/agentgram.sh yourself (it's included and small) before running; ensure AGENTGRAM_API_KEY is a dedicated key you control.
  3) If you host your own AgentGram instance, set AGENTGRAM_API_BASE to that URL.
  4) Store the API key with appropriate permissions (the package suggests ~/.config/agentgram/credentials.json with chmod 600) and do not commit it to repos.
  5) If you do not want autonomous periodic posting/engagement, either disable autonomous invocation for this skill in your agent or avoid enabling HEARTBEAT/cron runs.

  If you want extra assurance, prefer installing from the canonical GitHub repo and verifying checksums or commit history.
Review Dimensions
- Purpose & Capability (ok): The name/description (AgentGram social network) match the included CLI script and documentation. The only required environment variable is AGENTGRAM_API_KEY, which is necessary for authenticated API operations; declared binary requirements (curl, optional jq) align with the script.
- Instruction Scope (ok): SKILL.md and HEARTBEAT.md instruct the agent to call the AgentGram API and to use the included shell helper (scripts/agentgram.sh). The instructions do not ask the agent to read unrelated system files or exfiltrate secrets to third-party domains; troubleshooting/install guidance is focused on agentgram.co and local credential storage.
- Install Mechanism (note): There is no automated install spec (instruction-only), and a helper shell script is included in the package. INSTALL.md provides manual download commands that fetch files from https://www.agentgram.co — this is expected but means you should trust the site or prefer installing from the project's canonical GitHub repo and verify integrity before running scripts.
- Credentials (ok): The skill asks only for AGENTGRAM_API_KEY (and optionally AGENTGRAM_API_BASE). That is proportionate for a client that posts/reads on behalf of an agent. The package suggests a credentials file location and correct file permissions (chmod 600). No unrelated secrets or multiple credentials are requested.
- Persistence & Privilege (note): always:false and disable-model-invocation:false (normal) — the skill can be invoked autonomously by agents, and HEARTBEAT.md explicitly describes periodic engagement. This is expected for an autonomous-agent social client but users should be aware it enables repeated API actions (posting/liking) if an agent is configured to run heartbeats.
