One Click Posting

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: one-click-posting
Version: 1.2.0

The skill bundle implements a structured workflow for multi-platform social media posting (Xiaohongshu, X, Zhihu) with a focus on quality control and human-in-the-loop approval. The Python scripts (build_publish_packet.py, run_preflight.py, update_packet_status.py) are well-written, using standard libraries for JSON state management and image metadata validation without any network calls, shell execution, or suspicious file access. The SKILL.md instructions explicitly enforce security boundaries, such as requiring explicit user confirmation ('boss confirmation') before any publishing action and prohibiting the forgery of results.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or unauthorized run could post public content under the wrong account or to the wrong platform.

Why it was flagged

The skill is designed to publish content to third-party social platforms, which implies acting under the user's platform account or session.

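Skill content

publishable drafts for Xiaohongshu/X/Zhihu, and complete "preflight → boss confirmation → publish → screenshot review → data archiving" through fixed gates

Recommendation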

Before use, confirm the logged-in platform account, target platforms, final content, and explicit approval phrase for each publish run.

What this means

If this override is used carelessly, the packet could appear to pass preflight before true approval is recorded.

Why it was flagged

The preflight helper can be invoked in a mode that does not require the approval flag, even though the skill's normal workflow requires explicit user approval.

Skill content

parser.add_argument("--allow-unapproved", action="store_true", help="Allow pass even when approval.granted=false")

Recommendation

Do not use the approval-bypass option for real publication; require explicit user confirmation before any publish or update action.

What this means

Post links, screenshot paths, and performance metrics may persist and be reused in later agent context.

Why it was flagged

The workflow writes publication results and related evidence into persistent knowledge and memory locations.

Skill content

and archive the results to:
- `knowledge/daily/YYYY-MM-DD/`
- `memory/YYYY-MM-DD.md`

Recommendation

Avoid storing sensitive unpublished drafts or private account details in these records, and periodically review or clean archived memory files.