Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
hum
v0.2.1
AI content writer that researches, outlines, drafts, publishes, and manages engagement for LinkedIn and X using your voice and style guidelines.
by @jyek
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw verdict: Benign (medium confidence)
Purpose & Capability
Name/description (content writer for X/LinkedIn) matches the included code: connectors for X and LinkedIn, feed crawlers (X, YouTube, HN, RSS), publishing, brainstorming, and engagement orchestration. The code reads/writes a local data directory for voice, samples, drafts, and feed data — all expected for this purpose.
Instruction Scope
Runtime docs and SKILL.md instruct the agent and operator to read the user's VOICE.md, content-samples/, knowledge/, and feed files — this is necessary for voice-matching but means the agent will process real user posts and local notes. It also instructs extracting X session cookies (AUTH_TOKEN and CT0) from browser devtools for some feed operations; that is sensitive but consistent with the stated approach of using direct APIs/Bird rather than a formal API key. The skill returns browser-scrape instructions (needs_browser) for profiles — again coherent but broad in scope.
Install Mechanism
No automated install spec in the registry; the skill is distributed as code files and the SKILL.md asks the operator to run setup.sh and pip install dependencies. Dependencies are standard Python packages (feedparser, trafilatura, yt-dlp, requests, etc.). No remote arbitrary binary downloads or obscure install URLs were found in the manifest.
Credentials
The skill expects credentials for X and LinkedIn (either env vars or JSON files under a credentials directory) and may request X session cookies (AUTH_TOKEN/CT0) for some feed fetching. Those credentials are proportionate to posting and fetching a user's feeds but are sensitive. The gemini-extension.json exposes settings for CREDENTIALS_DIR, X and LinkedIn tokens; SKILL.md and COMMANDS.md reference HUM_DATA_DIR and credential file locations. No unrelated cloud credentials or excessive environment access were requested.
Persistence & Privilege
The skill does not request forced always:true inclusion and does not modify other skills. It writes and reads files in a configurable data directory (HUM_DATA_DIR) and a credentials directory — expected for a local content-authoring tool. The skill may store tokens/credentials in ~/.hum/credentials/ which is normal but requires careful file-permission handling.
Assessment
This package is internally consistent with a social-media content writer, but it will access sensitive data and credentials. Before installing or running it:
1) Inspect or run in an isolated environment (VM/container).
2) Review credentials storage: the skill expects X and LinkedIn tokens or JSON credential files under ~/.hum/credentials/ (and may ask you to paste X session cookies CT0/AUTH_TOKEN). Prefer API tokens over copied session cookies; store files with restrictive permissions (chmod 600).
3) Review content-samples/ and VOICE.md that the skill will read — it purposely uses your real posts to imitate your voice.
4) Confirm how Telegram digest sending is configured and what token (if any) it will use.
5) Audit third-party dependencies in requirements.txt (yt-dlp and web scraping libs) before pip installing.
If you are not comfortable providing social credentials or sharing local writing samples, skip installation or run the skill on a copy of data and a test account. If you want, provide specific files or commands you plan to run and I can highlight exact lines that read or transmit secrets.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/lib/vendor/bird-search/lib/runtime-query-ids.js:50
Environment variable access combined with network send.
scripts/lib/vendor/bird-search/lib/twitter-client-base.js:38
Environment variable access combined with network send.
scripts/lib/vendor/bird-search/lib/runtime-query-ids.js:1
File read combined with network send (possible exfiltration).
