Skill v1.0.0
ClawScan security
Automated Tweet Scheduler · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 19, 2026, 11:37 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description claims Twitter scheduling, media uploads, cloud storage, and analytics, but the instructions declare no credentials or config. Several required external services are implied but not requested, which is inconsistent and risky.
- Guidance: This skill describes features that require API keys and cloud credentials (Twitter/X API keys or OAuth tokens, AWS credentials for S3, DB credentials), but the package declares none, which is an inconsistency. Before installing or using:
  1. Verify the publisher and request source code or a trustworthy repo.
  2. Never paste high-privilege credentials into chat. Prefer OAuth flows or ephemeral tokens.
  3. If you must provide credentials, use least-privilege tokens (S3-limited bucket policy, DB user with limited rights, Twitter token scoped to posting only).
  4. Ask how credentials are stored and transmitted (encrypted storage? external servers?).
  5. Prefer running this in a sandbox or separate account and avoid giving global AWS keys.
  6. If the skill will integrate with Telegram/Discord, confirm what content is forwarded externally and get a privacy policy.
  The inconsistencies here could be sloppy documentation or an attempt to extract credentials; proceed cautiously.
Review Dimensions
- Purpose & Capability
  - Rating: concern
  - The SKILL.md describes scheduling tweets, media upload, analytics, PostgreSQL, AWS S3, and Telegram/Discord bots (and explicitly names Twitter API v2). Any legitimate implementation would need Twitter API credentials, cloud credentials and database access. The registry entry declares no required env vars, credentials, or config paths; this mismatch suggests the skill is incomplete or asking for sensitive information outside its declared surface.
- Instruction Scope
  - Rating: concern
  - The runtime instructions are high-level and do not show concrete, limited steps for obtaining or using credentials. They imply network calls (Twitter API, S3, bot APIs) and storage of media/analytics, but give no guidance on where credentials come from, how tokens are obtained (OAuth vs. raw keys), or how user data is protected. The instructions are vague and grant broad discretion to the agent.
- Install Mechanism
  - Rating: ok
  - No install spec and no code files (instruction-only). That reduces direct disk-write/remote-download risk; however, the lack of code means the security surface is primarily in runtime prompts and credential handling, which are not described.
- Credentials
  - Rating: concern
  - The skill implies use of multiple external services (Twitter, AWS S3, PostgreSQL, Telegram/Discord) but declares no required environment variables or primary credential. Requesting multiple unrelated credentials would be concerning; the current absence of any declared credentials is incoherent with the described functionality and increases the risk that the agent will prompt for or mishandle secrets.
- Persistence & Privilege
  - Rating: ok
  - The skill is not always-included and does not request any system config paths or persistent privileges. Autonomous invocation is allowed (platform default), which is expected for a user-invocable skill.
