v4.1.3

X Engagement

Verdict: Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 6:16 AM.

Analysis

This X/Twitter assistant is purpose-aligned, but it warrants Review because it can use a logged-in browser to perform public account actions and one core workflow can post comments without an explicit final confirmation step.

Guidance: Only install this if you are comfortable connecting it to a logged-in X browser. Before use, verify the Browser Relay package, make sure every like/follow/comment is previewed and explicitly confirmed, and review the local memory folder for facts you do not want retained.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
docs/comment-generation.md
# 5. Publish
post_comment(proposed)

# 6. Record
record_comment(tweet, proposed)

This core workflow sends a generated comment before showing an explicit user-confirmation step in that workflow, even though comments are public account writes.

User impact: If followed literally, the agent could publish a comment from the user's X account without a final approval prompt.
Recommendation: Add an explicit preview and final user-confirmation step before every `post_comment` or `postComment` example, and make no-confirm posting paths prohibited.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
README.md
npx browser-relay-cli version
npx browser-relay-cli extension-path
npx browser-relay-cli relay-start

The skill relies on an external Browser Relay CLI invoked through npx, while the provided install metadata does not pin or declare that runtime.

User impact: Running an unpinned external CLI can introduce package provenance and version-change risk.
Recommendation: Verify the Browser Relay package/source, pin a reviewed version where possible, and avoid running unexpected updates automatically.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
docs/browser-operations.md
Reuse the locally logged-in Chrome/Chromium ... likes, follows, and comments are first generated as suggestions, and the user then confirms whether to execute them

The skill uses the user's already-logged-in browser session to perform X account actions such as liking, following, and commenting.

User impact: The skill can act with the authority of the user's live X account, which can affect reputation, follows, likes, and public comments.
Recommendation: Treat the logged-in browser session as a credential requirement, confirm the exact X account and tab before use, and keep all write actions behind explicit user approval.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
docs/memory-system.md
User facts (kept permanently) ... record what the user has said ... learn the user's habits and preferences

The skill stores persistent local facts, preferences, and interaction history that are reused for future comment generation.

User impact: Sensitive or incorrect facts could persist and influence future public comments or recommendations.
Recommendation: Review and periodically edit or delete the memory files, especially permanent user facts and preferences.