Social Media Automation Skills Registry
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only registry asks for sensitive Bolta workspace credentials and broad social-media/workspace authority despite under-declared metadata, and the scan reports a possible embedded API key.
Review this skill carefully before installing. Only proceed if you intended to connect an agent to a Bolta workspace, can verify the publisher/source, and can provide a least-privileged API key. Do not use admin/editor or full-access keys unless necessary, and investigate/rotate any API key that may have been embedded in the artifact.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. If granted, the skill may enable access to a Bolta workspace and connected social-media operations beyond what a simple registry index appears to need.
The skill requires a sensitive workspace-scoped API credential even though it is described as a registry/documentation index rather than a callable integration.
Evidence: "name": "BOLTA_API_KEY", "required": true, "sensitive": true, "description": "Bolta API key ...", "scope": "workspace"
Recommendation: Do not provide a broad API key unless you intend this skill to orchestrate Bolta workspace actions. Use the least-privileged key possible and verify the publisher/source first.

2. An agent using these privileges could affect public content, schedules, connected accounts, audit data, API keys, or team membership.
The documented role scopes include destructive, bulk, approval, audit-export, account-connection, key-management, and team-management authority, but the provided artifact does not clearly bound when or how those powers should be used.
Evidence: `editor` ... `posts:delete`, `review:approve`, `content:bulk`, `audit:export`, `team:manage_keys`; `admin` ... `accounts:connect`, `team:manage`
Recommendation: Prefer read-only or creator-level scopes, require human approval for publishing/deleting/account/team changes, and avoid admin/editor keys unless explicitly needed.

3. If the embedded value is a real token, it could expose an account or workspace and should be treated as compromised.
The supplied static scan reports that SKILL.md appears to contain a hardcoded API secret or token.
suspicious.exposed_secret_literal at SKILL.md:385 ... Evidence: API Key: [REDACTED]
Recommendation: Remove any real key from the skill artifact, rotate the exposed credential, and use environment variables or a secret manager instead.

4. Users may have difficulty verifying that this credential-requesting registry is the authentic Bolta source before granting access.
The registry-level metadata provides no source or homepage and declares no credentials, while SKILL.md self-declares Bolta credentials and trusted domains. That mismatch matters because the skill requests sensitive workspace access.
Evidence: Source: unknown; Homepage: none; Required env vars: none; Primary credential: none
Recommendation: Require registry metadata to declare the source, homepage, credential requirements, and trusted domains consistently with SKILL.md before installation.

5. Using the skill may send requests or data to Bolta-controlled API/MCP endpoints.
The artifact discloses external Bolta API/MCP endpoints. This is plausibly purpose-aligned, but it means agent requests and potentially workspace context may cross an external service boundary.
Evidence: "trustedDomains": ["platty.boltathread.com", "bolta.ai", "mcp.bolta.ai"], ... "mcpEndpoint": "https://mcp.bolta.ai/mcp"
Recommendation: Install only if you trust these endpoints and understand what workspace or social-media data the Bolta API/MCP integration will process.
