Skill v1.0.4

ClawScan security

TikTok Content Pipeline · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Feb 28, 2026, 12:01 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions match its TikTok/Postiz purpose, but the registry metadata and install spec are inconsistent with what the skill actually needs and does, so proceed with caution.
Guidance: This package generally does what it says (generate/schedule/post via Postiz), but several inconsistencies merit caution:
- Metadata mismatch: The registry entry claims no required env vars/binaries, but SKILL.md and the code require POSTIZ_API_KEY, a TikTok integration ID, Node.js, and the 'postiz' CLI. Treat the registry metadata as unreliable until corrected.
- Before installing: inspect package.json and SETUP.md, and confirm postiz-cli's origin (npm page or official Postiz site). Native deps like canvas/sharp can require build tools; install in a controlled environment.
- Secrets: Provide POSTIZ_API_KEY only via a secure environment variable or secret manager; do not commit API keys into repo config files. If you must store config files, add them to .gitignore as recommended.
- Test safely: Use a throwaway/test TikTok account and test templates and 'auto-improve' in dry-run mode first to confirm behavior (the skill can auto-post and auto-modify account configs).
- Audit packages: Run 'npm install' in an isolated environment, then 'npm audit', and review dependencies for native code or uncommon publishers.
- Runtime autonomy: If you plan to enable autonomous invocation for an agent that has this skill, consider restricting that agent's scope or disabling auto-implement features to prevent unintended automated posting.
If you want to proceed, ask the publisher or registry maintainer to correct the metadata (declare required env vars and required binaries/install steps) so you have an accurate inventory of what the skill will require.

Review Dimensions

Purpose & Capability
concern: The SKILL.md and source clearly require a Postiz API key and a TikTok integration ID and rely on the external 'postiz' CLI and node dependencies (canvas/sharp/etc.). However, the registry metadata lists no required env vars/credentials and claims no required binaries, which is an inconsistency. The credentials requested are appropriate for the stated purpose (publishing/analytics), but the packaging/metadata omission is a red flag.
Instruction Scope
note: Runtime instructions and code stay within the stated scope: generating carousel slides, scheduling, calling the Postiz CLI for publishing and analytics, and writing data under accounts/ and output/. The skill can run external CLI commands via execSync to invoke Postiz; the code uses shell-escaping helpers before embedding user/config values into those commands. Note: the 'auto-improve' mode can modify account configs and auto-post; the doc correctly warns to test on a throwaway account.
Install Mechanism
concern: The registry lists no install spec (marked as instruction-only), but the package includes full source and a SETUP.md that requires 'npm install' and a global 'postiz-cli' installation; native dependencies (canvas, sharp) are declared and may require build toolchains. The absence of an explicit install spec in the registry, combined with the included code/files, is inconsistent and increases risk because an installer might not automatically run required steps or might misrepresent what will be written/executed.
Credentials
concern: The SKILL.md requires POSTIZ_API_KEY and a TikTok Integration ID (stored in per-account config). Those credentials are proportional to the claimed functionality. However, the registry metadata declares no required env vars or primary credential, a mismatch that could mislead users about what secrets the skill needs. No other unrelated credentials are requested.
Persistence & Privilege
ok: The skill does not request 'always: true' and does not modify other skills' configs. It writes per-account files under its own directories and can auto-implement actions only within account configs. Autonomous invocation is enabled (platform default); combined with 'auto-improve', the skill could auto-post, so exercise caution when granting it runtime autonomy.