Skill v1.0.5

ClawScan security

xqueue · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 27, 2026, 4:01 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, runtime instructions, and requested environment variables are consistent with a file-based X (Twitter) scheduler and do not request unrelated privileges or reach unexpected endpoints.
Guidance
This skill appears to do exactly what it says: run the included Python scripts on a cron schedule to post files from a folder tree to X. Before installing/running:

1) Protect the four X API credentials (they allow posting as your account); prefer environment variables or a secure keychain entry.
2) Be aware that deleteAfterPost is true by default (files are removed after posting); enable dry-run initially to verify behavior.
3) The script uses the macOS 'security' command as an optional keychain fallback and may call the local 'openclaw' CLI for notifications if available; if you don't want that, don't install/run the OpenClaw CLI and/or remove that notification call.
4) Review the cron setup and the configured xqueue path to ensure files live where you expect.

Other than those operational considerations, there are no incoherent permissions, unexplained network hosts, or unexpected persistence behaviors.

Review Dimensions

Purpose & Capability
ok · Name/description (file-based X post scheduler) match what the code and SKILL.md do: create folder structure, read .md files, post to X via OAuth1, upload media, and log actions. Required binaries (python3) and pip deps (requests, requests-oauthlib) are appropriate and expected.
Instruction Scope
ok · SKILL.md instructs running the included scripts (setup + cron-runner). The code only reads/writes the xqueue folders, a posted.log, and a notifications.log in ~/.openclaw, all described in metadata. It accesses credentials (env or macOS keychain), which is necessary to call X APIs. There are no instructions to read arbitrary user files or exfiltrate data to unrelated endpoints.
Install Mechanism
ok · No install spec (instruction+code only). The skill ships Python scripts and expects the user to run them; nothing is downloaded at install time and no third-party installers or remote archives are used.
Credentials
ok · Requested environment variables are the four standard X/Twitter OAuth credentials needed to post: X_CONSUMER_KEY, X_CONSUMER_SECRET, X_ACCESS_TOKEN, X_ACCESS_TOKEN_SECRET. The optional macOS keychain fallback uses the local 'security' utility to read credentials, consistent with the fallback behavior. No unrelated secrets or external API keys are requested.
Persistence & Privilege
ok · Skill is not marked always:true and does not attempt to persist itself or modify other skills. It makes a best-effort notification call to the OpenClaw CLI (openclaw wake) and writes to its own notification/log files only. No elevated privileges or cross-skill config modifications are present.