One Click Posting
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or unauthorized run could post public content under the wrong account or to the wrong platform.
The skill is designed to publish content to third-party social platforms, which implies acting under the user's platform account or session.
小红书/X/知乎可发布稿,并按固定门禁完成“预检→老板确认→发布→截图复核→数据归档”
Before use, confirm the logged-in platform account, target platforms, final content, and explicit approval phrase for each publish run.
If this override is used carelessly, the packet could appear to pass preflight before true approval is recorded.
The preflight helper can be invoked in a mode that does not require the approval flag, even though the skill's normal workflow requires explicit user approval.
parser.add_argument("--allow-unapproved", action="store_true", help="Allow pass even when approval.granted=false")Do not use the approval-bypass option for real publication; require explicit user confirmation before any publish or update action.
Post links, screenshot paths, and performance metrics may persist and be reused in later agent context.
The workflow writes publication results and related evidence into persistent knowledge and memory locations.
并将结果归档到: - `knowledge/daily/YYYY-MM-DD/` - `memory/YYYY-MM-DD.md`
Avoid storing sensitive unpublished drafts or private account details in these records, and periodically review or clean archived memory files.