Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Follow

v1.0.0

Monitor content from people, topics, and sources across platforms with smart filtering, tiered alerts, and searchable archives.

by Iván (@ivangdavila)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to monitor many platforms (Twitter/X, YouTube, LinkedIn, Telegram, GitHub, Substack, RSS, etc.) and to use APIs or tools (yt-dlp, Nitter scraping, RSS, GitHub API). Yet the metadata lists no required binaries, no install steps, and no required credentials. Legitimately using many of these integrations typically requires API keys, account logins, or binaries (yt-dlp, ffmpeg) — the lack of declared requirements is inconsistent with the stated purpose.
Instruction Scope
SKILL.md and companion docs instruct the agent to create files under ~/follow, run scheduled monitoring (cron) or on-demand checks, scrape or use APIs, archive captured content, and transcribe long-form media. Those instructions imply filesystem read/write, network requests to third-party services (including scraping fallbacks like Nitter), and potential handling of paywalled or account-only content (LinkedIn, Substack paywalls, private Telegram channels). The instructions do not limit or clarify what counts as acceptable scraping, what credentials are needed, or how to avoid private-data access — granting broad discretion to the agent.
Install Mechanism
This is instruction-only with no install spec, which is low-risk by itself. However, the docs explicitly mention external CLI tools/services (yt-dlp, Nitter) and monitoring approaches that normally require binaries or third-party endpoints. Because there is no install section, it's unclear whether the agent expects these tools to already exist or will attempt ad-hoc installs; that ambiguity increases operational risk.
Credentials
The skill declares no required environment variables or primary credential, yet the instructions repeatedly reference API-based access and account-bound methods (Twitter/X API, GitHub API, Telegram bots, LinkedIn login, Substack subscriptions). Requesting no credentials is disproportionate: to function as described the skill will need some tokens/accounts. This mismatch could lead either to silent failures or to ad-hoc prompts/requests for credentials at runtime — a privacy and security concern.
Persistence & Privilege
always:false (no forced persistence) and no install spec. The skill intends to create a workspace under ~/follow and schedule monitoring (cron suggested), which grants it ongoing local storage and potentially scheduled execution. That is a normal pattern for a monitoring tool but should be explicit: the skill doesn't declare cron setup steps or where scheduled jobs run, which leaves room for confusion about persistence and privilege.
What to consider before installing
This skill's documentation describes monitoring many platforms, scraping fallbacks, downloading videos (yt-dlp), transcribing, and writing an archive in ~/follow — but the package declares no binaries, installs, or credentials. Before installing or trusting this:

- Ask the author to clarify required binaries (e.g., yt-dlp, ffmpeg), third-party services, and exact install steps.
- Confirm what credentials are needed for each platform and insist they be declared (and limited to read-only tokens where possible). Do not hand over full account passwords; prefer per-service API tokens with minimum scopes.
- Decide whether you permit scraping or storing paywalled/private content; get a retention/encryption policy for the archive (~/follow).
- If the agent will schedule cron jobs or write files, confirm where those run (your machine, a hosted agent) and what permissions they have.
- Test first with non-sensitive, public sources and a small follow list to observe behavior.

Given the mismatches, treat this skill as untrusted until the missing operational details and credential requirements are clarified.
