Misskey
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its Misskey posting purpose, but it has an unsafe upload script that can execute shell commands and it can send a Misskey token to a hard-coded default instance if the host is not set.
Only use this skill after explicitly setting MISSKEY_HOST to your intended instance and creating a least-privilege Misskey token. Review or patch scripts/upload.sh to remove eval before uploading files, and confirm post text, media paths, visibility, and note IDs before allowing the agent to act.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted file path or folder ID could cause command execution on the user's machine during an upload.
FILE and FOLDER_ID come from script arguments, are interpolated into a shell command string, and then executed with eval. Crafted values containing shell quoting or metacharacters could run local commands as the user.
CMD="curl -s -X POST '$HOST/api/drive/files/create' -H 'Authorization: Bearer $TOKEN' -F 'file=@$FILE'"
...
CMD="$CMD -F 'folderId=$FOLDER_ID'"
...
RESULT=$(eval "$CMD")
Remove eval and call curl directly using a quoted argument array; validate folder IDs and treat file paths only as data.
If the host is omitted or misconfigured, the user's token may be sent to the default instance instead of their intended Misskey server.
Authenticated API calls use MISSKEY_TOKEN and default HOST to https://maid.lat if MISSKEY_HOST is not set. For a general Misskey/Fediverse integration, this can send an account token to an unintended instance; the registry also declares no required env vars or primary credential.
HOST="${MISSKEY_HOST:-https://maid.lat}"
TOKEN="${MISSKEY_TOKEN}"
...
"i": "$TOKEN"
Require users to explicitly set MISSKEY_HOST, declare MISSKEY_TOKEN and MISSKEY_HOST in metadata, and document the minimum token scopes needed.
Mistaken use could publish content publicly, upload the wrong file, or delete a note.
The skill exposes account-mutating Misskey API actions. This is consistent with the stated purpose, but these actions can publish media/content or delete posts.
| /api/notes/create | POST | Create note |
| /api/notes/delete | POST | Delete note |
| /api/drive/files/create | POST | Upload file |
Review post text, visibility, media paths, and note IDs before running the scripts; use a token with only the permissions needed.
The skill may fail or behave inconsistently on systems without these tools.
The scripts rely on curl and python3 even though the registry lists no required binaries. This is under-declared runtime tooling rather than hidden installation behavior.
RESULT=$(curl -s -X POST "$HOST/api/notes/create" \
...
NOTE_ID=$(echo "$RESULT" | python3 -c "import sys,json; print(json.load(sys.stdin).get('createdNote',{}).get('id',''))")
Declare curl and python3 as required binaries, or document them prominently before use.
