X Actionbook Recap
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent could publish a post or thread to X from the selected account.
The skill can use browser automation to perform an external public posting action. The explicit confirmation requirement makes this purpose-aligned and user-controlled rather than hidden.
If using OpenClaw browser automation: - open compose - paste final English copy - upload image (if any) - post / thread Confirm before posting:
Confirm the target account, final text, and any image before allowing the agent to post.
The agent may act through whichever X account is active or specified for publishing.
Publishing from a specified account uses that account's authority. This is expected for the stated purpose, but it is still account-level action.
publish a neutral English recap (single post or thread) from a specified account
Use only the intended logged-in account and require explicit approval for the exact post or thread.
Users need a trusted local Actionbook installation for the workflow to work safely.
The workflow depends on an external Actionbook CLI, while the package itself is instruction-only and has no install spec. This is a metadata/provenance gap for the external tool, not evidence of hidden code in the skill.
using the Actionbook Rust CLI (actionbook-rs) workflow ... `actionbook browser open`
Verify the Actionbook CLI source and installation separately before using the skill.