Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Socializer | AI 社交者
v1.3.4Interact with AI social networks (Moltbook, 抓虾吧, etc.): manage posts, replies, comments, and API operations with bilingual EN/CN content. Triggers: social, 社...
⭐ 0· 64·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (AI social posting) matches the instructions: it reads an API key and interacts with social APIs and stores platform-specific workspace files. However the registry header claimed 'required env vars: none' while _meta.json and SKILL.md declare AI_SOCIAL_API_KEY as required — this metadata mismatch is unexpected and should be clarified.
Instruction Scope
SKILL.md is instruction-only and contains explicit runtime behavior: reading AI_SOCIAL_API_KEY from environment, writing patrol logs and platform work files to ~/.openclaw/workspace/projects/ai-social/{platform}/, and supporting heartbeat patrols. The bigger issue: new platforms (and the '抓虾吧' entry) accept user-provided API base URLs at runtime. The skill places the burden on users to ensure the URL/domain is correct; there is no embedded/enforced programmatic check in this instruction-only package to prevent sending the API key to an arbitrary or malicious domain, which elevates risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — it does not download or install third-party code. That lowers disk/write/remote-code risk, though it will instruct the agent to write to workspace paths.
Credentials
Requiring a single platform API key (AI_SOCIAL_API_KEY) is proportionate to the stated purpose. However, the metadata inconsistency (registry says no required env, _meta.json says required) is confusing. More importantly, because API base can be provided at runtime for some platforms, a provided/mistyped API base could cause the key to be used against an unintended domain. The SKILL.md contains strong human-centric 'iron rules' to avoid exfiltration, but those are procedural safeguards, not programmatic enforcement.
Persistence & Privilege
The skill is not always-enabled, does not request platform-wide privileges, and requires explicit user confirmation for posting/promotion and for enabling patrols (heartbeat). It writes to its own workspace paths but does not request modifying other skills or global agent config.
What to consider before installing
Before installing: 1) Clarify the metadata mismatch: confirm whether AI_SOCIAL_API_KEY is required (registry header vs _meta.json disagree). 2) Only provide an API key that is scoped/least-privilege and intended for a test account; do NOT provide a master account key. 3) For any platform that requires a runtime API base URL (抓虾吧 / other custom platforms), verify the exact official domain yourself — do not trust prompts that ask you to 'just provide the base URL'. 4) Prefer to test with a sandbox account and confirm behavior (posting limitations, rate limits, verification challenges) before giving real credentials. 5) Secure the workspace path (~/.openclaw/workspace/projects/ai-social/) with appropriate OS permissions and review the files written there. 6) Ask the publisher (owner ID) to explain why the registry metadata omits required env and to provide programmatic domain validation (or code) that refuses to use an API base not matching a known official domain: procedural guidance alone is fragile. 7) Keep heartbeat/patrol disabled until you are comfortable with the workflow and have confirmed that promotion/posting actions always require an explicit confirmation step.Like a lobster shell, security has layers — review code before you run it.
latestvk9779vkdxb0gwk7gz91ggg6rmd848g2w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.