Twinfold

Review

Audited by ClawScan on May 10, 2026.

Overview

Twinfold appears purpose-aligned, but it deserves review because it can automatically publish AI-generated content to public social accounts and run autopilot workflows without clear confirmation safeguards.

Use this skill only if you intend to let an agent manage your Twinfold social media workflow. Before publishing, autopilot, scheduling, or adding persistent knowledge, review the exact content, platforms, accounts, timing, credit use, and API key handling.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern
Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

An agent could publish AI-generated content to public social accounts before the user has reviewed exact wording, platforms, timing, or attached media.

Why it was flagged

The instructions show a one-call path that generates and publishes content directly, but the provided artifacts do not show a mandatory final user review or confirmation step before public posting.

Skill content
twinfold.createPost { topic, platforms, language, autoAdapt: true, autoPublish: true } ... One call does it all — generates content, adapts per platform, publishes.
Recommendation

Require explicit user confirmation immediately before publishNow, autoPublish, schedulePost, runAutopilot, or any destructive account mutation.

Note
Medium Confidence
ASI08: Cascading Failures
What this means

A mistaken or low-quality post could appear on multiple connected platforms, increasing reputational impact and cleanup effort.

Why it was flagged

The documented workflows support multi-platform publication, so one bad generated post or wrong platform selection can be amplified across several public channels.

Skill content
"platforms": ["linkedin", "twitter", "instagram"] ... twinfold.publishNow ... Publishes to all platforms on the post via Upload-Post API.
Recommendation

Use platform allowlists, preview each platform-specific version, and confirm the target accounts before publishing.

What this means

Anyone or any agent with this key may be able to create, edit, schedule, or publish through the user’s Twinfold-connected accounts.

Why it was flagged

The skill requires a bearer API key for the user’s Twinfold account; this is purpose-aligned, but it is sensitive delegated authority.

Skill content
requires: env: - TWINFOLD_API_KEY ... Auth: Authorization: Bearer <TWINFOLD_API_KEY>
Recommendation

Store the API key securely, revoke it if exposed, and prefer a scoped or separate key if Twinfold supports it.

What this means

Sensitive personal, strategic, or opinion data added to Twinfold may be reused in later content generation or brand voice outputs.

Why it was flagged

The skill can add persistent knowledge and brand information to the user's Twin, including personal or business-sensitive categories that may influence future generated content.

Skill content
twinfold.addKnowledge ... Categories: EXPERTISE_DOMAINS, COMMUNICATION_STYLE, VALUES_AND_BELIEFS, INDUSTRY_KNOWLEDGE, PERSONAL_STORIES, OPINIONS_AND_TAKES, AUDIENCE_INSIGHTS
Recommendation

Only add information the user wants stored in Twinfold, and periodically review or remove persistent knowledge and brand settings.