Openclaw Social Scheduler
Security checks across malware telemetry and agentic risk
Overview
This looks like a real social media scheduler, but it needs review because the artifacts indicate hardcoded social-account secrets and persistent on-disk storage of scheduled posts and possibly credentials.
Review the source before installing. If you proceed, rotate any exposed credentials, avoid passing secrets directly on the command line, use dedicated low-privilege social accounts, inspect what the queue file stores, and test with non-public accounts before allowing the daemon to post.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A real embedded token could let the skill, its users, or anyone with the package post or upload media using an account that did not intend to delegate access.
The static scan reports a hardcoded API token literal in a platform module; similar findings also appear for Twitter/X and media upload files.
access_token: [REDACTED],
Do not use this package until the publisher removes all embedded secrets, rotates the exposed tokens, and requires credentials only via user-controlled config or environment variables.
API keys or webhook URLs passed on the command line can be exposed through shell history, process listings, logs, or scheduler storage.
The documentation encourages passing an API key directly as a command-line argument for scheduled posting.
node scripts/schedule.js add moltbook "moltbook_sk_YOUR_API_KEY" "Scheduled post!" "2026-02-02T20:00:00"
Use config files with restricted permissions or environment variables instead of raw secrets on the command line, and use least-privilege tokens dedicated to this scheduler.
Scheduled content and possibly credential arguments may remain on disk after setup or posting, where other local users, backups, or later agents could read or reuse them.
The skill documents persistent scheduled-post storage; combined with schedule commands that accept raw config/API-key arguments, this may persist sensitive account material and post content.
storage/queue.json # Scheduled posts storage
Before installing, confirm what queue.json stores, whether secrets are redacted or encrypted, and how completed or canceled posts are removed.
If an agent schedules or runs the daemon with the wrong content, account, or time, it can publish publicly without another manual check.
The skill intentionally automates posting to external social platforms; this is aligned with its purpose, but each run takes a public action on the connected account.
Automatic posting via scheduler daemon
Use a dedicated test account first, review the queue before starting the daemon, and grant only the scopes needed for the intended platforms.
Posts can be published later while the daemon is running, even after the original scheduling interaction is over.
The skill includes a user-started scheduler daemon that continues checking and publishing scheduled posts.
node scripts/schedule.js daemon
Run the daemon only when needed, monitor the queue, and stop it when scheduled posting is not desired.
