Follow
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherently about following public or account-based sources, but users should deliberately scope any scheduled monitoring, platform logins, bots, and archives.
Before installing or using this skill, decide which platforms and sources it may monitor, whether scheduled checks are allowed, what accounts or API tokens it may use, and how long archived summaries should be retained.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Misconfigured monitoring could collect more content than intended, hit platform limits, or violate platform expectations.
The skill explicitly contemplates using external APIs, scraping, and downloader tooling to collect followed content.
Twitter/X: "Access: API (limited free tier) or scraping"; YouTube: "Access: yt-dlp (reliable), YouTube API"
Approve each platform access method and source list explicitly; avoid scraping private or protected content unless the user has authorized it.
If platform credentials or logged-in accounts are used too broadly, the agent could access account-scoped content beyond what the user intended to follow.
Some integrations may require using a user account or platform-authenticated access, which is expected for this purpose but still sensitive.
LinkedIn: "requires login"; Telegram: "Requires Telegram account"
Use least-privileged API tokens or dedicated accounts where possible, and do not provide browser cookies, passwords, or unrelated session data.
Archived posts or summaries may be outdated, misleading, or adversarial, and could influence later answers if treated as trusted context.
The skill stores followed-source content for later retrieval and synthesis, making the archive persistent context for future answers.
The archive isn't just storage — it's a searchable knowledge base of what your followed sources have said over time.
Keep links and timestamps, treat archived source content as untrusted evidence, and define retention or deletion rules for sensitive archives.
Private or subscription-only channel content could be exposed to a bot or third-party aggregator if configured carelessly.
Forwarding content to an aggregator bot can introduce an external service or bot boundary.
Telegram options: "Join channels directly" and "Forward to aggregator bot"
Use only trusted bots, avoid forwarding private channels unless allowed, and document where forwarded content is stored.
Scheduled checks and alerts may keep running after initial setup if the user forgets about them.
The skill contemplates recurring scheduled monitoring, which is expected for a follow/alert tool but creates persistent activity.
Monitor: Check sources on schedule (cron) or on-demand
Make schedules explicit, keep them scoped to chosen sources, and provide a clear way to pause or remove monitoring.