Skill v1.1.1
ClawScan security
ZeeLin Twitter/X Operations · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 14, 2026, 2:12 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (automating follow-backs and commenting on X), but the runtime instructions demand immediate, autonomous shell execution and mass commenting behavior that could cause unintended actions, platform rate-limits/abuse, or privacy leakage — proceed with caution.
- Guidance: What to consider before installing or enabling this skill:
  - It will execute the included shell scripts (follow_back.sh, follow_back_verified.sh, comment.sh) via exec to control your logged-in X session. That means it can click, fill, and submit on pages as your browser session. Review those scripts yourself (they are included) and test locally before allowing automatic runs.
  - The SKILL.md forces immediate exec on certain triggers ("直接发出 exec", i.e. "issue exec directly"). That removes an extra confirmation step; if you don't want automatic follow/unfollow or automated comments, do not enable autonomous invocation, or avoid using the triggers that the skill responds to.
  - Automated commenting/searching (f4f, 互关 "mutual follow") can lead to rate-limits, account restrictions, or being treated as spam by X. Configure a small max_count (e.g., 1–2) and test slowly.
  - The scripts use browser snapshot/evaluate to parse page content. Snapshot output may expose page text/metadata into agent logs or model context; avoid using this with accounts/pages that display private info.
  - If you proceed: run a dry run with a low max_count, monitor account activity closely, and revoke skill access or disable autonomous invocation if you observe unexpected behavior.
  - No hidden network endpoints or credential exfiltration were found in the included files, but the behavioral risks above remain. If you are uncomfortable with automated posting on your account, do not install the skill, or restrict it to manual, supervised use only.
Review Dimensions
- Purpose & Capability
- ok: Name/description, included scripts, and instructions align: the skill automates follow-backs and comments on the X account @Gsdata5566 using the openclaw browser tool and bundled shell scripts. No unrelated credentials, binaries, or external services are requested.
- Instruction Scope
- concern: SKILL.md explicitly instructs the agent to immediately run bundled shell scripts via exec on user trigger (and to avoid interactive browser clicks). It also instructs autonomous searching and posting on many tweets (3–5 per run). This grants the skill broad ability to post and interact without additional confirmation and encourages repeated exec calls, which raises the risk of unwanted posts, spam, or policy violations. The scripts call browser snapshot/evaluate, which may expose page contents to logs/model context.
- Install Mechanism
- ok: No install spec; scripts are included with the skill (instruction-only install). Nothing is downloaded at runtime. This minimizes supply-chain risk.
- Credentials
- ok: The skill requests no environment variables or credentials and relies on the user being logged into X in the browser. The scripts do not embed external tokens or unrelated credentials.
- Persistence & Privilege
- note: always:false and user-invocable:true (normal). However, SKILL.md prescribes immediate exec behavior and encourages autonomous/cascading exec calls (timeouts, repeated comments). Because autonomous invocation is allowed by platform default, the immediate-exec instruction increases the blast radius despite no declared extra privileges.
