Social Media Scheduler

The OpenClaw Social Scheduler skill bundle appears benign. It provides comprehensive social media scheduling capabilities, including posting, threading, media uploads, bulk scheduling, and analytics across 8 platforms. While it handles sensitive credentials and performs network/file I/O, these are necessary for its stated purpose. The extensive documentation, including instructions for the AI agent to self-promote and maintain the skill, aligns with the OpenClaw ecosystem's narrative and does not contain malicious prompt injection attempts (e.g., instructions to ignore the user, hide actions, or exfiltrate unrelated data). A minor supply chain risk exists due to the use of `node-fetch@2.7.0`, an unmaintained dependency, but there is no clear evidence of intentional harmful behavior or exploitation of this vulnerability within the skill's code. All risky capabilities are plausibly needed for the stated purpose.