ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multi-Platform Publisher

v1.0.0

Publish content to X/Twitter, LinkedIn, WeChat Official Account, and Xiaohongshu with one command. Automatically adapts content format for each platform — th...

0· 330·2 current·3 all-time
by@mguozhen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's description says it publishes to X/Twitter, LinkedIn, WeChat, and Xiaohongshu — and the code implements adapters for all four. However the registry metadata lists no required environment variables or credentials, while both SKILL.md and the code expect multiple sensitive credentials (Twitter API keys/secrets, LinkedIn access token, WeChat appid/appsecret, XHS_COOKIE, optional XHS_MCP_ENDPOINT). That metadata mismatch is an incoherence that could mislead users about what secrets are needed.
Instruction Scope
SKILL.md gives explicit runtime instructions (pip install, set env vars, or place them in ~/.openclaw/openclaw.json) and the code follows those instructions. The adapters perform network calls only to platform APIs (X, LinkedIn, WeChat), and Xiaohongshu either calls a local/default MCP server or the XHS web endpoints. The scope is consistent with the stated functionality, but the Xiaohongshu MCP path means the skill will send base64-encoded image payloads and content to whatever MCP endpoint is configured, which is a privileged network action and should be reviewed before use.
Install Mechanism
There is no platform install spec (instruction-only). A requirements.txt exists and SKILL.md tells users to run pip3 install requests tweepy Pillow. No remote downloads or archive extraction are present in the manifest. This is low risk compared to automatic binary downloads, but users must run pip installs themselves — dependency supply-chain risks are possible but not unusual for Python CLI tools.
!
Credentials
The adapters legitimately require platform credentials (Twitter API key/secret + access token/secret; LinkedIn access token; WeChat appid/appsecret; Xiaohongshu cookie). These are proportionate to the advertised capabilities, but they are highly sensitive. Two specific concerns: (1) Xiaohongshu requires a browser cookie (XHS_COOKIE) rather than an API token — cookies are particularly sensitive and long-lived. (2) The adapter supports delegating actions to an MCP endpoint (XHS_MCP_ENDPOINT). If that endpoint is set to an external server, content and images (base64) will be sent to that server, enabling exfiltration. Also the registry metadata claiming no required env vars is misleading about the number/sensitivity of credentials required.
Persistence & Privilege
The skill does not request 'always: true', does not claim to modify other skills or system-wide settings, and will only act when invoked. It does read ~/.openclaw/openclaw.json and a local config.json for configuration, which is consistent with its SKILL.md instructions.
Scan Findings in Context
[pre-scan-injection-signals-none] expected: Static pre-scan reported no injection signals. Absence of regex flags is not proof of safety; the code contains network calls and credential handling as expected for a publisher.
What to consider before installing
This skill appears to implement the advertised multi-platform publisher, but pay attention to the following before installing or using it: - The CLI and code require multiple sensitive credentials (Twitter API key/secret + token/secret, LinkedIn access token, WeChat appid/appsecret, and a Xiaohongshu browser cookie). The registry metadata incorrectly lists no required env vars — assume you must provide those secrets to use the skill. - Xiaohongshu behavior: the adapter can delegate to an MCP server (default http://localhost:3001) or call XHS web APIs directly. If you (or your openclaw.json) set XHS_MCP_ENDPOINT to a remote host, the skill will send your content and base64-encoded images to that host. Only point it to a trusted, local MCP server; do not use an untrusted remote endpoint for the MCP setting. - Sensitive storage: avoid placing long-lived credentials or cookies in shared/nebulous config files. If you must store credentials, use least-privilege tokens and a dedicated account when possible. - Review and test in an isolated environment first: run the tool with --dry-run, validate credentials with the validate command, and inspect network traffic (or run in a sandbox) before giving it access to production accounts. - If you plan to use Twitter/LinkedIn/WeChat, prefer short-lived OAuth tokens or accounts with limited permissions where possible. Consider auditing/locking the ~/.openclaw/openclaw.json entry to ensure it contains only expected keys for this skill. Given the metadata mismatch and the MCP delegation risk, treat this skill as potentially privacy-risky until you confirm the MCP endpoint and credential handling meet your security requirements.

Like a lobster shell, security has layers — review code before you run it.

latestvk97afemwf87yzzg8513n0khmp582kkm2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments