Bluesky
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong content or target, the agent could post publicly, delete a post, or change follows/blocks/mutes on the user's Bluesky account.
The skill exposes public and account-mutating Bluesky actions. This matches the stated CLI purpose, but these actions can visibly change the user's social account.
| Post | `bsky post "text"` | ... | Block | `bsky block @handle` | ... | Delete post | `bsky delete <url>` |
Use it only for intended Bluesky actions and confirm post text, URLs, handles, and delete/block/follow targets before running mutating commands.
Anyone who can access the saved session could potentially act as the logged-in Bluesky user until the session is revoked or invalidated.
The CLI uses a Bluesky app password to obtain a session and then persists the session string locally. This is expected for account integration, but the session is a sensitive credential.
password = args.password or os.environ.get("BSKY_PASSWORD") ... "session": client.export_session_string(), save_config(config)
Use a Bluesky app password, keep the config file private, run logout when finished if appropriate, and revoke the app password/session from Bluesky if compromise is suspected.
Future installs could resolve to any allowed atproto version in that range, which may affect behavior or security if the dependency changes.
The skill relies on an external package with a version range rather than an exact pin. This is normal for a Bluesky client, but users should notice the dependency provenance.
atproto>=0.0.65,<0.1.0
Install from a trusted source and consider pinning or reviewing the resolved atproto version in controlled environments.
