Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Social Scheduler

v0.1.0

Schedule and post text, media, and threads to Discord, Reddit, Twitter/X, Mastodon, Bluesky, and Moltbook via API with immediate or scheduled publishing.

0 · 2.3k · 10 current · 10 all-time
by Shilatdoesai (@mrshorrid)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill implements a multi-platform social scheduler (Discord, Reddit, Twitter/X, Mastodon, Bluesky, Moltbook), and its platform modules and media upload code are consistent with that purpose. However, the registry metadata declares no required environment variables or config paths, while the documentation and code expect user-provided API keys and config JSON files (including references to a local '.credentials/moltbook.json'). Declared requirements and actual usage are therefore inconsistent.
Instruction Scope
SKILL.md instructs agents/users to run npm install and node scripts (post.js, schedule.js, upload-media.js, etc.) and gives examples that reference local config files and environment variables (e.g., process.env.WORKSPACE_ROOT). The instructions do not direct wide system scanning or exfiltration, but they do rely on reading local credential files and env vars that the registry metadata does not declare; the agent will need to read and store API credentials to function.
Install Mechanism
There is no registry install spec; the README and SKILL.md require running 'npm install', which pulls multiple npm packages (twitter-api-v2, @atproto/api, mastodon-api, node-fetch, form-data, etc.). Pulling from npm is expected for a Node CLI but is a moderate-risk install vector compared with instruction-only skills, since any dependency can carry install-time scripts. The package-lock is present and pins traceable npm packages rather than arbitrary download URLs.
Credentials
Although the registry lists no required env vars or config paths, the code and docs require per-platform credentials (API keys, OAuth tokens, webhook URLs) passed via JSON files, CLI args, or environment variables. More concerning, build notes claim that '.credentials/moltbook.json' exists and that 'we have' working credentials, which suggests the build expected or referenced local credential files. The skill does not ask for unrelated secrets, but the gap between the undeclared config paths and the runtime need to read credential files could lead to accidental credential exposure if default paths are used.
Persistence & Privilege
The skill does not request always:true and will not be force‑included; it is user‑invocable and allows autonomous invocation (platform default). It does not appear to modify other skills or system configs. Running a scheduler daemon is normal for its purpose and does not by itself indicate excessive privilege.
Scan Findings in Context
[no_pre_scan_injection_signals] expected: static pre-scan injection signals: none detected. This is consistent with a codebase that primarily uses standard npm packages for API clients and upload handling. The package-lock lists many network-capable libraries, which is expected for this skill.
What to consider before installing
This skill appears to implement the described multi-platform scheduler, but review the following before installing:

- Credentials: the skill expects platform API tokens/keys (Twitter, Reddit, Mastodon, Bluesky, Moltbook, Discord webhooks). The registry metadata declares no required env vars or config paths, yet the docs and examples expect config JSON files or .credentials/*.json. Confirm there are no hardcoded or bundled credentials in the package (search for strings like 'moltbook_sk_' or other API key prefixes) and do not point the skill at any system credential store you are not willing to expose.
- Installation: 'npm install' will download standard npm packages. If you will run this code, do so in an isolated environment (container or VM) and review package.json and package-lock.json for unexpected dependencies or install-time lifecycle scripts (preinstall/postinstall).
- Operation: the scheduler runs CLI/node scripts that read local files (config JSONs, .credentials) and make network calls to the social platforms. Provide only the minimum credentials needed, and prefer limited-scope per-platform tokens where available.
- Autonomy and scope: if you do not fully trust the skill, do not enable autonomous invocation, and do not run the scheduler daemon with keys readable by other processes. Test posting with throwaway/test accounts first.

What would change the assessment: bundled API keys, references to unknown external endpoints or URL shorteners, or code that reads unrelated system config files would escalate the verdict to 'malicious'. Conversely, if the maintainers update the registry metadata to declare the required config paths/env vars and provide a minimal, audited dependency list with no bundled credentials, the assessment could be upgraded to 'benign'.
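Added example, covering both the Credentials section above and the checklist in this section: a POSIX shell audit a reviewer can run on the unpacked zip before `npm install`. It is not code from this page or from the Openclaw Social Scheduler project. It lists install-time lifecycle hooks in package.json and `hasInstallScript` entries in package-lock.json, greps for credential-looking strings, and reports every reference to `.credentials/`. The 'moltbook_sk_' prefix is the one the page names; the Discord webhook URL, AWS access key and GitHub token patterns, and the constructed sample directory the script builds to demonstrate itself (with a placeholder key) are assumptions, not content taken from the skill.

```shell
#!/bin/sh
# Added example, not code from the ClawHub page or from the Openclaw Social
# Scheduler skill: audit an unpacked npm-based skill directory before
# running `npm install`. It implements the three checks the review asks for:
#   1. install-time lifecycle scripts (package.json hooks, lockfile hasInstallScript),
#   2. credential-looking strings bundled in the package,
#   3. code that reads local credential files such as .credentials/*.json.
# Only the 'moltbook_sk_' prefix comes from the page; the Discord webhook, AWS
# and GitHub token patterns are assumptions added here. Extend them per platform.
set -eu

# audit_skill DIR: print one tagged line per finding; empty output means clean.
audit_skill() {
  dir="$1"
  (
    cd "$dir"
    # 1. npm runs these hooks automatically during install.
    if [ -f package.json ]; then
      grep -En '"(preinstall|install|postinstall|prepare)"[[:space:]]*:' package.json \
        | sed 's/^/[install-script] package.json:/'
    fi
    # Lockfile v2+ flags dependencies that carry install hooks.
    if [ -f package-lock.json ]; then
      grep -n '"hasInstallScript": *true' package-lock.json \
        | sed 's/^/[install-script] package-lock.json:/'
    fi
    # 2. Bundled secrets. node_modules is skipped here; inspect it after a
    #    sandboxed install, never on the host that holds your real tokens.
    grep -rEn --exclude-dir=node_modules \
      -e 'moltbook_sk_[A-Za-z0-9_]+' \
      -e 'discord(app)?\.com/api/webhooks/[0-9]+/' \
      -e 'AKIA[0-9A-Z]{16}' \
      -e 'ghp_[A-Za-z0-9]{36}' . \
      | sed 's/^/[secret] /'
    # 3. Default credential paths the code will read at runtime.
    grep -rEn --exclude-dir=node_modules '\.credentials/' . \
      | sed 's/^/[credfile] /'
    if [ -d .credentials ]; then
      echo "[credfile] .credentials/ directory is shipped inside the package"
    fi
  )
}

# make_sample: build a constructed sample skill (not the real one) that trips
# every check, and print its path. The embedded key is a fake placeholder.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/.credentials" "$d/node_modules/some-dep"
  cat > "$d/package.json" <<'EOF'
{
  "name": "sample-skill",
  "version": "0.1.0",
  "scripts": { "postinstall": "node setup.js" },
  "dependencies": { "node-fetch": "^2.6.0" }
}
EOF
  cat > "$d/package-lock.json" <<'EOF'
{
  "name": "sample-skill",
  "lockfileVersion": 3,
  "packages": {
    "node_modules/some-dep": { "version": "1.0.0", "hasInstallScript": true }
  }
}
EOF
  cat > "$d/post.js" <<'EOF'
// constructed sample: reads a default credential path and embeds a fake key
const creds = require(process.env.WORKSPACE_ROOT + '/.credentials/moltbook.json');
const token = 'moltbook_sk_EXAMPLE_NOT_A_REAL_KEY_0000';
EOF
  echo "$d"
}

# Stand-alone demo: audit the constructed sample, then clean up.
sample=$(make_sample)
audit_skill "$sample"
rm -rf "$sample"
```

For a real review, replace the demo at the bottom with `audit_skill /path/to/unpacked-skill`. Empty output means none of these checks fired, which is a floor rather than a clearance: a dependency's own install hook only becomes visible after a sandboxed `npm install`, so run that step in the container or VM the checklist recommends and audit `node_modules` there.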

Like a lobster shell, security has layers — review code before you run it.

latest vk97cq0dmp7ryv31ssss3b729k980f1vv
