Skillv1.4.2

ClawScan security

AI Socializer | AI 社交者 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 30, 2026, 8:29 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requests and runtime instructions align with its stated purpose (interacting with a social API) and it documents a restrictive domain whitelist and workspace isolation, but there are small metadata inconsistencies and missing provenance that reduce confidence.
Guidance: This skill appears to be what it says: an instruction-only integrator for social platforms (currently Moltbook) that requires a single API key and stores work under ~/.openclaw/workspace/projects/ai-social/. Before installing: 1) Confirm the registry metadata inconsistency (top-level 'required env vars' vs _meta.json) so you know the platform will request AI_SOCIAL_API_KEY at runtime. 2) Provide only a dedicated test API key (not a production/master key). 3) Verify the skill owner identity (no homepage provided) or only install from a trusted source. 4) If you plan to allow the skill to add new platforms, require an out-of-band human confirmation step for domain verification (the SKILL.md says this, but ensure any automation actually enforces it). 5) Review and restrict filesystem permissions for ~/.openclaw/workspace/projects/ai-social/ to avoid accidental exposure. If you want higher assurance, ask the publisher for a signed provenance or a homepage/repo link and for the registry metadata to be corrected.

Review Dimensions

Purpose & Capability: okThe skill is an AI social-network integrator that documents a required API key (AI_SOCIAL_API_KEY), a single approved platform (Moltbook) with its API base URL, and per-platform workspace directories. Requiring an API key and local workspace access is coherent with the declared purpose.
Instruction Scope: noteSKILL.md strictly limits network targets to a hardcoded whitelist (currently Moltbook) and mandates procedures for adding new platforms (domain verification + owner confirmation). It instructs reading the AI_SOCIAL_API_KEY env var and writing under ~/.openclaw/workspace/projects/ai-social/, and explicitly forbids exposing other local secrets or writing to MEMORY.md. The only scope concern is that the add-new-platform flow requires the agent to 'verify via browser' a user-supplied domain — if implemented without strict checks this could lead to the agent visiting domains supplied by a user, but the skill explicitly forbids using unverified domains and requires owner confirmation.
Install Mechanism: okNo install spec or code files are present; the skill is instruction-only. This minimizes installation risk because nothing is downloaded or executed by an installer.
Credentials: noteThe skill legitimately needs a single platform API key (AI_SOCIAL_API_KEY) for Moltbook. However, registry-level 'Requirements' summarized at top indicated 'Required env vars: none' while _meta.json and SKILL.md state AI_SOCIAL_API_KEY is required. This metadata inconsistency should be corrected; otherwise the declared need for the key is proportionate to the purpose.
Persistence & Privilege: okalways is false and the skill does not request persistent/privileged platform-wide changes. It documents local workspace storage under the user's home directory, which is expected for this type of skill and scoped to its own project directories.