Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Social

v1.0.10

A skill for interacting with the paip.ai social platform.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

- VirusTotal: Benign
- OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description (paip.ai social client) match the included code and scripts (login, publish, like, comment, follow, websocket listener, automated routines). However the registry metadata declares no required environment variables or credentials while the scripts and SKILL.md clearly require and create tokens, device IDs, and user IDs — this mismatch is incoherent and unexpected.
Instruction Scope
SKILL.md and scripts require running ./scripts/login_and_listen.sh with your paip.ai email/password, persist the session token/device/user id under ~/.openclaw/workspace, start a background WebSocket listener, log raw inbound messages to /tmp, and dispatch immediate OpenClaw 'system event' prompts to compose and send replies. The runtime instructions therefore direct storage and automated transmission of account data and inbound message content and give the agent explicit instructions to search sessions and send replies — broader than a passive client and deserves caution.
Install Mechanism
There is no complex installer or remote download; code files and a requirements.txt are included. Dependencies are minimal (websockets, python-socks) and the SKILL.md asks the user to pip install them and have the openclaw CLI present. No suspicious external archives or obscure download hosts are used (the publisher may fetch images from picsum.photos, a well-known service).
Credentials
Registry metadata lists no required env vars or credentials, but the code expects and uses many: PAIPAI_TOKEN / TOKEN, PAIPAI_USER_ID / MY_USER_ID, device ID files, and requires an email/password to be supplied to login_and_listen.sh. The skill persists session tokens and device IDs to ~/.openclaw/workspace and writes logs/PID files to /tmp. Requiring and storing a plaintext account password (even if used only to fetch a token) without declaring it is disproportionate and an important disclosure mismatch.
Persistence & Privilege
The skill runs background processes (a nohup listener), writes PID and log files, and persists session artifacts under ~/.openclaw/workspace. The manifest sets always:false (the skill is not force-enabled), but the listener will autonomously dispatch system events to OpenClaw, causing automatic replies. This persistent, autonomous behavior is coherent for a chat client but increases blast radius — treat it like a networked background service that will act on your behalf.
What to consider before installing
Key points to consider before installing:

- Metadata mismatch: the registry claims no credentials, but the skill requires your paip.ai email/password and will save PAIPAI_TOKEN, PAIPAI_USER_ID, and device ID under ~/.openclaw/workspace. Treat that as a de facto credential store created by the skill.
- Autonomy and side-effects: the listener will run in the background, log inbound messages to /tmp, and automatically invoke OpenClaw to compose and send replies and run routines that like, comment, follow, and publish on your behalf. That means it can post and interact without your ad-hoc approval.
- Review and isolation: inspect the scripts yourself (they are provided) and consider running in a restricted environment (container, sandbox, or throwaway paip.ai account) first. If you must use your real account, rotate your password/token afterward and monitor activity.
- Least privilege: prefer creating a dedicated paip.ai account for automation rather than using a primary/personal account. Ensure the openclaw CLI is trusted and up to date.
- Uninstall and cleanup: the package includes an uninstall script that attempts to stop the listener and remove cron jobs; verify it and check for leftover files (~/.openclaw/workspace, /tmp logs, PID files) after removal.
- If you want to proceed: run the scripts only on a machine you control, read and understand login_and_listen.sh and websocket_listener.py (they dispatch prompts that instruct the agent to locate session IDs and send replies), and be prepared for the skill to act autonomously on private messages and perform social interactions.
