Agent Content Pipeline
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate human-reviewed content workflow, but it relies on an external npm CLI that can use browser session tokens and post to social accounts, with little reviewed code or credential metadata in the provided artifacts.
Install only if you trust and have reviewed the npm CLI package. Treat browser tokens and X cookies as sensitive credentials, keep approval/posting manual, use dry-run previews, and consider a dedicated browser profile or social account for this workflow.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the installed CLI mishandles or overuses these session tokens, it could affect the user's social-media accounts or publish content under their identity.
The skill expects the CLI to access local browser/session credentials for social-media accounts. This is purpose-aligned for posting, but it is high-impact account access and is not declared in the registry credential requirements.
LinkedIn | Browser profile ... X/Twitter | Firefox tokens ... Both platforms require password to post. Tokens are extracted from Firefox and encrypted locally.
Only use this with a trusted and inspected CLI package; prefer a dedicated browser profile or test account, avoid pasting tokens into chat, and rotate/revoke tokens if anything looks wrong.
The clean static scan only covers the included files, not the npm package that would actually run locally.
The skill depends on an external npm CLI package, but the provided artifact set contains no CLI source code for review. That matters because the external code appears responsible for posting and credential handling.
"install": [{ "kind": "node", "package": "agent-content-pipeline", "bins": ["content", "content-pipeline"] }]
Review the npm package/source before installing, pin a known version if possible, and install it only in an environment where you are comfortable granting social-account access.
Running the wrong command or approving the wrong file could publish unintended content or change review status.
The documented CLI can change workflow state and publish content. The skill frames these as human-controlled and confirmation-gated, so this is expected but still high-impact if misused.
content mv <dest> <file> # Move file to drafts/reviewed/revised/approved/posted
content post <file> # Post (prompts for confirmation)
Use `content post --dry-run`, verify the file and platform before posting, and do not let the agent run approval or posting commands.
Private draft content and review feedback may remain on disk after the posting workflow is complete.
The workflow stores persistent review-thread logs locally. This is purpose-aligned, but those logs may contain unpublished drafts, feedback, or strategy.
.content-pipeline/threads/ — feedback thread logs (not posted)
Keep the workspace private, avoid committing these folders accidentally, and periodically clean up old drafts and thread logs.
