XReplyAI - Social Post Manager
Advisory
Audited by static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent may create, schedule, or publish content visible to other people and may consume XreplyAI quota.
The skill exposes tools that can publish or schedule public social content. This is central to the stated purpose and is disclosed, but it is still a high-impact action for a user's public accounts.
Generate, schedule, and publish posts to X, LinkedIn, and Threads in your voice using AI.
Review the final post text, target platform, media, scheduled time, and quota impact before allowing publish or schedule actions.
Anyone, or any agent, that runs with this token could manage posts through the connected XreplyAI account, within whatever permissions the token carries.
The skill requires a credential that lets the MCP tools act through the user's XreplyAI account. That is expected for this service, and the artifacts do not show unrelated token use or leakage.
All tools require an `XREPLY_TOKEN` environment variable — a JWT token from XreplyAI Settings.
Set the token only for trusted use, rotate it if exposed, and prefer the least-privileged or revocable token option if XreplyAI provides one.
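A practical check before exporting the token into an agent's environment is to read its claims and confirm it has not expired and that it expires at all; a token with no expiry can only be revoked, never aged out. The script below is an added example, not code from the XreplyAI skill or its MCP server. It assumes only that XREPLY_TOKEN is a standard three-segment JWT that may carry the registered `exp` claim; the sample tokens are constructed here with a fake signature, so the payload is decoded without verifying the signature. That is acceptable for inspecting your own token's claims and nothing else.

```python
"""Inspect the claims of an XREPLY_TOKEN JWT before handing it to an agent.

Added example, not part of the XreplyAI skill or its MCP server. Assumes the
token is a standard JWT (header.payload.signature, base64url) that may carry
the registered `exp` claim. The signature is NOT verified here: this reads
the claims of a token you already hold; it must never be used to decide
whether a token presented by someone else is genuine.
"""
import base64
import json
import os
import time
from typing import Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a JWT. The signature is not checked."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    header = json.loads(_b64url_decode(parts[0]))
    if str(header.get("alg", "none")).lower() == "none":
        # A service should never have issued an unsigned token; refuse it.
        raise ValueError("refusing token with alg=none")
    return json.loads(_b64url_decode(parts[1]))


def token_status(claims: dict, now: Optional[float] = None) -> str:
    """Classify lifetime: 'expired', 'no-expiry' or 'valid-until:<UTC time>'."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if exp is None:
        # Cannot age out, only be revoked: rotate on a schedule instead.
        return "no-expiry"
    if exp <= now:
        return "expired"
    return "valid-until:" + time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(exp))


def check_env_token(env: dict, now: Optional[float] = None) -> str:
    """Status of the XREPLY_TOKEN found in an environment mapping."""
    token = env.get("XREPLY_TOKEN")
    if not token:
        return "missing"
    return token_status(decode_jwt_claims(token), now)


def _make_sample_jwt(claims: dict) -> str:
    # Constructed sample: genuine header/payload encoding, fake signature.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.{enc({'sig': 'fake'})}"


# Constructed sample tokens; claim names other than `exp` are illustrative only.
SAMPLE_NOW = 1_778_544_000  # 2026-05-12T00:00:00Z, the advisory's audit date
SAMPLE_VALID = _make_sample_jwt({"sub": "user-123", "exp": SAMPLE_NOW + 3600})
SAMPLE_EXPIRED = _make_sample_jwt({"sub": "user-123", "exp": SAMPLE_NOW - 60})
SAMPLE_NO_EXP = _make_sample_jwt({"sub": "user-123"})

if __name__ == "__main__":
    # Run with XREPLY_TOKEN set in the shell to check the real token.
    print(check_env_token(os.environ))
```

Run it in the shell where the agent will be launched; a result of "no-expiry" or "expired" is a signal to go back to XreplyAI Settings and issue a fresh, shorter-lived token rather than proceed.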
Runtime behavior depends on the external npm package and its published contents, not just the SKILL.md instructions reviewed here.
The runtime MCP server is pulled and executed from npm via npx. The version is pinned and the behavior is disclosed, but the package code is not included in the reviewed skill artifacts.
mcporter call 'npx @xreplyai/mcp@0.3.19' <tool_name> [param:value ...]
Install only if you trust the XreplyAI npm package and publisher; consider reviewing the package provenance or lock/pinning behavior in your environment.
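One way to act on that recommendation is to refuse to launch the MCP server unless the npx spec names an exact version and the fetched tarball matches an integrity hash the operator recorded after reviewing it. The gate below is an added example, not code from the XreplyAI skill, mcporter or npm. It assumes the operator has already captured the package's tarball integrity in npm's own `sha512-<base64>` form (for instance from `npm view @xreplyai/mcp@0.3.19 dist.integrity`) into an allowlist; the tarball bytes and hash embedded here are constructed for the example and are not the real package's.

```python
"""Gate an `npx <pkg>@<version>` launch on an exact pin and a recorded hash.

Added example, not part of the XreplyAI skill, mcporter or npm. Assumes an
operator-maintained allowlist mapping `name@version` to the Subresource
Integrity string npm reports for that tarball. The sample tarball bytes are
constructed here and are not the real @xreplyai/mcp package.
"""
import base64
import hashlib
import re
import shlex
from typing import Dict, Optional, Tuple

# `npx [flags] @scope/name@spec` or `npx name@spec`; the `@spec` part is optional.
_SPEC_RE = re.compile(r"^(?P<name>(?:@[\w.-]+/)?[\w.-]+)(?:@(?P<spec>.+))?$")
# Exact semver only: MAJOR.MINOR.PATCH plus optional prerelease/build, no range operator.
_EXACT_RE = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")


def parse_npx_spec(command: str) -> Tuple[str, Optional[str]]:
    """Return (package name, version spec or None) from an npx command line."""
    argv = shlex.split(command)
    if not argv or argv[0] != "npx":
        raise ValueError("not an npx command")
    positional = [a for a in argv[1:] if not a.startswith("-")]
    if not positional:
        raise ValueError("npx command names no package")
    m = _SPEC_RE.match(positional[0])
    if m is None:
        raise ValueError(f"unrecognised package spec: {positional[0]}")
    return m.group("name"), m.group("spec")


def is_exact_pin(spec: Optional[str]) -> bool:
    """True only for a concrete version; dist-tags (latest) and ranges (^, ~, >=) are not pins."""
    return spec is not None and _EXACT_RE.match(spec) is not None


def sri_sha512(data: bytes) -> str:
    """Subresource Integrity string in the form npm records: sha512-<base64 digest>."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


def verify_package(command: str, allowlist: Dict[str, str], tarball: bytes) -> str:
    """Return 'ok' or 'rejected: <reason>' for running `command` with this tarball."""
    name, spec = parse_npx_spec(command)
    if not is_exact_pin(spec):
        # A tag or range resolves to whatever the registry serves today.
        return "rejected: version not pinned"
    expected = allowlist.get(f"{name}@{spec}")
    if expected is None:
        return "rejected: not allowlisted"
    if sri_sha512(tarball) != expected:
        # Same name and version, different bytes: do not run it.
        return "rejected: integrity mismatch"
    return "ok"


# Constructed sample standing in for the fetched tarball; not real package bytes.
SAMPLE_TARBALL = b"\x1f\x8b constructed-tarball-placeholder @xreplyai/mcp 0.3.19"
SAMPLE_CMD = "npx @xreplyai/mcp@0.3.19"
# Recorded once by the operator from a tarball they reviewed (here: the sample above).
ALLOWLIST = {"@xreplyai/mcp@0.3.19": sri_sha512(SAMPLE_TARBALL)}

if __name__ == "__main__":
    print(verify_package(SAMPLE_CMD, ALLOWLIST, SAMPLE_TARBALL))
```

The pin check alone catches the common drift of an `@latest` or range spec creeping into the mcporter line; the integrity check is what catches a republished or replaced 0.3.19, which a version number cannot.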
