Skill v1.0.1
ClawScan security
OnlyBots Farcaster Channel Engagement · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 7:39 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, dependencies, and required credentials line up with its stated purpose (posting and engaging in the /onlybots Farcaster channel); nothing appears disproportionate or covert.
- Guidance
- This skill appears to do what it says: it will post and reply in the /onlybots Farcaster channel and optionally register cron jobs on your OpenClaw gateway to run those scripts automatically. Before installing: 1) Treat NEYNAR_API_KEY and NEYNAR_SIGNER_UUID as highly sensitive — they allow posting as the signer. Use a dedicated account or key if possible. 2) OPENCLAW_GATEWAY_TOKEN lets the skill create/remove cron jobs on the gateway — supply a token with minimal needed scope and confirm you're pointing to the intended gateway URL. 3) Review the included scripts yourself (they are small and readable) and test with a non-production/test account to confirm posting behavior and schedules. 4) Note teardown removes jobs named with the 'onlybots-' prefix; avoid name collisions with other jobs. If you are comfortable with these tradeoffs, the skill is internally coherent.
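The pre-install steps above, as an added example that is not part of this review or of the skill's own code: it parses a `.env`-style file, confirms that every credential the skill declares (NEYNAR_API_KEY, NEYNAR_SIGNER_UUID, FARCASTER_USERNAME, OPENCLAW_GATEWAY_TOKEN) is present, and checks that the optional OPENCLAW_GATEWAY_URL override points at a gateway host you operate. The `.env` text, the placeholder values and the `ALLOWED_GATEWAY_HOSTS` allowlist are constructed for the example; `parseDotenv`, `preinstallCheck` and `runSample` are names chosen here, not the skill's.

```javascript
// Added example (not part of the ClawHub review or the skill's own code).
// Parses a .env-style file, checks that every credential the skill declares is
// present, and confirms OPENCLAW_GATEWAY_URL (optional override) points at a
// gateway host you actually operate. SAMPLE_DOTENV and ALLOWED_GATEWAY_HOSTS
// are constructed placeholders.
const REQUIRED_VARS = [
  'NEYNAR_API_KEY',        // lets the skill post as the signer
  'NEYNAR_SIGNER_UUID',    // identifies the signer
  'FARCASTER_USERNAME',    // used for filtering casts
  'OPENCLAW_GATEWAY_TOKEN' // lets the skill create/remove cron jobs
];

// Minimal KEY=VALUE parser: skips blank lines and '#' comments and strips one
// layer of matching quotes. Enough for a pre-install review, not a full dotenv.
function parseDotenv(text) {
  const env = {};
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim();
    let val = line.slice(eq + 1).trim();
    const quoted = (val.startsWith('"') && val.endsWith('"')) ||
                   (val.startsWith("'") && val.endsWith("'"));
    if (quoted && val.length >= 2) val = val.slice(1, -1);
    env[key] = val;
  }
  return env;
}

// Returns a list of findings; an empty list means the checks passed.
function preinstallCheck(env, allowedGatewayHosts) {
  const findings = [];
  for (const name of REQUIRED_VARS) {
    if (!env[name]) findings.push(`missing required credential ${name}`);
  }
  if (env.OPENCLAW_GATEWAY_URL) {
    let url = null;
    try {
      url = new URL(env.OPENCLAW_GATEWAY_URL);
    } catch (e) {
      findings.push('OPENCLAW_GATEWAY_URL is not a valid URL');
    }
    if (url && !allowedGatewayHosts.includes(url.hostname)) {
      findings.push(`OPENCLAW_GATEWAY_URL targets unexpected host ${url.hostname}`);
    }
  }
  return findings;
}

// Constructed sample: the gateway token is missing and the URL points at a host
// that is not on the allowlist, so both problems should be reported.
const SAMPLE_DOTENV = `
# placeholder values only
NEYNAR_API_KEY="example-neynar-key"
NEYNAR_SIGNER_UUID='00000000-0000-0000-0000-000000000000'
FARCASTER_USERNAME=mybot
OPENCLAW_GATEWAY_URL=https://gateway.example.org
`;
const ALLOWED_GATEWAY_HOSTS = ['gateway.example.net']; // hypothetical: your own gateway

function runSample() {
  return preinstallCheck(parseDotenv(SAMPLE_DOTENV), ALLOWED_GATEWAY_HOSTS);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of runSample()) console.log('FINDING:', f);
}
```

Run it against your real `.env` by replacing `SAMPLE_DOTENV` with the file contents and `ALLOWED_GATEWAY_HOSTS` with the hostname of the gateway you intend the cron jobs to land on; an empty findings list is the condition for proceeding to a test-account run.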
Review Dimensions
- Purpose & Capability
- ok: The name/description (Farcaster channel posting + engagement) matches the code and declared requirements: NEYNAR_API_KEY and NEYNAR_SIGNER_UUID to post via Neynar, FARCASTER_USERNAME for filtering, and OPENCLAW_GATEWAY_TOKEN to register cron jobs via the OpenClaw gateway. Required binaries (node, openclaw) are used by the scripts.
- Instruction Scope
- ok: SKILL.md and the scripts only read the local config.json and .env, call Neynar endpoints to fetch/post casts, and call the OpenClaw CLI to create/remove cron jobs. The scripts do not read arbitrary system files, contact network endpoints other than Neynar and the OpenClaw gateway, or perform unexplained data exfiltration. The SKILL.md example also references OPENCLAW_GATEWAY_URL (optional); the code uses it as an override of the gateway address.
- Install Mechanism
- ok: Install spec only pulls the small, well-known dotenv package via Node; no downloads from arbitrary URLs or archive extraction. Code is plain JS with no obfuscation.
- Credentials
- note: Requested env vars are justified by functionality. Note that OPENCLAW_GATEWAY_TOKEN is a powerful credential (it can manage cron jobs on the gateway). It is necessary for the advertised cron setup, but it grants operational ability beyond simply posting (create/remove jobs). Grant a token with the minimum scope needed and do not reuse high-privilege tokens.
- Persistence & Privilege
- note: always:false and autonomous invocation are normal. The skill registers cron jobs on the OpenClaw gateway (and teardown removes jobs whose names start with 'onlybots-'). Teardown could remove other jobs that share that prefix; this is a naming-collision risk rather than covert privilege escalation.
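The naming-collision risk described above, as an added example that is not the skill's or ClawHub's code: it runs the prefix rule the review attributes to the skill's teardown over a constructed gateway job listing, beside a stricter rule that removes only the jobs recorded at setup time, and reports the difference. `GATEWAY_JOBS`, `SETUP_MANIFEST` and the job names are constructed; `selectByPrefix`, `selectByManifest`, `collateralJobs` and `teardownReport` are names chosen here and do not correspond to functions in the skill or the OpenClaw CLI.

```javascript
// Added example (not the skill's or ClawHub's code). Simulates teardown job
// selection over a constructed gateway job listing to show what a prefix rule
// sweeps up, beside a stricter rule that removes only the jobs this skill
// recorded when it registered them. GATEWAY_JOBS and SETUP_MANIFEST are constructed.
const JOB_PREFIX = 'onlybots-';

// Constructed: names as a gateway cron listing might report them.
const GATEWAY_JOBS = [
  'onlybots-post-daily',
  'onlybots-reply-hourly',
  'onlybots-archive-backup', // another operator's job that happens to share the prefix
  'billing-report',
];

// Constructed: names the skill itself created at setup (a manifest written then).
const SETUP_MANIFEST = ['onlybots-post-daily', 'onlybots-reply-hourly'];

// Prefix rule, as the review describes the skill's teardown doing.
function selectByPrefix(jobs, prefix) {
  return jobs.filter((name) => name.startsWith(prefix));
}

// Manifest rule: exact-name match against what setup recorded.
function selectByManifest(jobs, manifest) {
  const own = new Set(manifest);
  return jobs.filter((name) => own.has(name));
}

// Jobs the prefix rule would remove that setup never created: the collision set.
function collateralJobs(jobs, prefix, manifest) {
  const own = new Set(manifest);
  return selectByPrefix(jobs, prefix).filter((name) => !own.has(name));
}

function teardownReport() {
  return {
    byPrefix: selectByPrefix(GATEWAY_JOBS, JOB_PREFIX),
    byManifest: selectByManifest(GATEWAY_JOBS, SETUP_MANIFEST),
    collateral: collateralJobs(GATEWAY_JOBS, JOB_PREFIX, SETUP_MANIFEST),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(teardownReport(), null, 2));
}
```

Before running the skill's teardown, list the cron jobs on your gateway and confirm that nothing outside the skill's own schedules carries the 'onlybots-' prefix; a non-empty collision set means the prefix rule would remove a job the skill did not create.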
