X Actionbook Recap
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: x-actionbook-recap Version: 0.1.0 The skill bundle is designed to collect, summarize, and publish X (Twitter) posts using browser automation. While it involves high-risk capabilities like web scraping via `actionbook browser` commands and external publishing to X, these actions are explicitly stated in the `SKILL.md` as the core purpose of the skill. The instructions include guardrails such as confirming the target account and final copy before posting, and there is no evidence of intentional harmful behavior, data exfiltration, malicious execution, persistence, or prompt injection against the agent for purposes beyond the stated goal. All actions are clearly aligned with the skill's description.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent could publish a post or thread to X from the selected account.
The skill can use browser automation to perform an external public posting action. The explicit confirmation requirement makes this purpose-aligned and user-controlled rather than hidden.
If using OpenClaw browser automation: - open compose - paste final English copy - upload image (if any) - post / thread Confirm before posting:
Confirm the target account, final text, and any image before allowing the agent to post.
The agent may act through whichever X account is active or specified for publishing.
Publishing from a specified account uses that account's authority. This is expected for the stated purpose, but it is still account-level action.
publish a neutral English recap (single post or thread) from a specified account
Use only the intended logged-in account and require explicit approval for the exact post or thread.
Users need a trusted local Actionbook installation for the workflow to work safely.
The workflow depends on an external Actionbook CLI, while the package itself is instruction-only and has no install spec. This is a metadata/provenance gap for the external tool, not evidence of hidden code in the skill.
using the Actionbook Rust CLI (actionbook-rs) workflow ... `actionbook browser open`
Verify the Actionbook CLI source and installation separately before using the skill.