ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

social-postcjo

v1.0.0

Post and reply on Twitter and Farcaster with character limit checks, image support, threads, link shortening, and draft preview.

0· 569·0 current·0 all-time
by@mupengi-bot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The described functionality (posting/replying to Twitter/X and Farcaster) matches what the SKILL.md asks you to do. However, the metadata claims 'no required env vars' and 'no required config paths' while the SKILL.md explicitly asks you to store Twitter keys in ~/.openclaw/.env and Farcaster keys in ~/.openclaw/farcaster-credentials.json. That mismatch between declared requirements and the instructions is inconsistent.
!
Instruction Scope
The SKILL.md tells the agent/user to create and store sensitive credentials (Twitter consumer/access tokens and Farcaster custody/signer private keys) in specific files and to run scripts (scripts/post.sh, scripts/reply.sh, scripts/check-balance.sh) that are not present in the package. It also references an absolute path (/home/phan_harry/.openclaw/.env) in places and ~/.openclaw elsewhere. Asking for plaintext private keys and directing the agent to run unspecified scripts expands the scope beyond a simple instruction-only skill and is a red flag.
Install Mechanism
There is no install specification and no code files — lowest disk write risk. However, the SKILL.md expects local helper scripts and other skills (farcaster-agent) to exist. Because those scripts are not included, the instructions are incomplete and may lead users to fetch or run external code without guidance.
!
Credentials
Requesting Twitter API keys and Farcaster custody/signing private keys is proportionate to the goal of posting on those platforms, but the skill metadata does not declare those requirements. The instructions further recommend storing private keys and tokens in plaintext files in specific locations (including a user-specific absolute path), which is risky. The SKILL.md also suggests enabling billing and funding a custody wallet — expected for Farcaster but increases risk if done under unclear provenance of scripts.
Persistence & Privilege
The skill is not set to always: true and does not declare modifications to other skills or system-wide settings. However, it instructs storing persistent credentials in a local directory (~/.openclaw), which gives the skill persistent access to secrets if the environment later runs the scripts it references. That persistence is normal for CLI-based posting tools but should be explicit in metadata.
What to consider before installing
This skill looks like a reasonable social-post helper, but there are important inconsistencies you should resolve before using it: - The SKILL.md expects local scripts (scripts/post.sh, scripts/reply.sh, scripts/check-balance.sh) and other skills (farcaster-agent) but the package contains no code — ask the author where those scripts come from and inspect them before running. - The metadata claims no required env or config paths, but the instructions tell you to store secrets in ~/.openclaw/.env and ~/.openclaw/farcaster-credentials.json (and even reference /home/phan_harry). That mismatch is suspicious — confirm the canonical config locations and update metadata. - The skill asks you to place private keys (custodyPrivateKey, signerPrivateKey, Twitter tokens) in plaintext files. If you proceed, restrict file permissions (chmod 600), keep backups secure, and prefer OAuth or delegated auth flows where possible. Do not paste private keys into unknown web forms or pastebins. - Do not run any scripts downloaded from untrusted sources. If the scripts are provided elsewhere, review their contents for network calls, uploads, or exfiltration before executing. - Consider testing with a throwaway account and using dry-run modes first (the SKILL.md mentions --dry-run). Ask the publisher for: the missing scripts, a clear list of required env vars/config paths, and why absolute user paths appear in the docs. If the author cannot produce the referenced scripts or explain the metadata mismatch, treat the skill as untrusted and avoid providing your real credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a4314vhjj2ja5xv4pkqs9ps817tx1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments