Cross Platform Content Syncer
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken, private, or poorly transformed article could be published or scheduled across multiple public channels before the user reviews the final platform-specific versions.
The skill is designed to perform high-impact write actions on public publishing platforms. The visible artifact does not require a final preview or explicit confirmation before publishing or scheduling.
"automatically sync to all others" and "Publish immediately or schedule for specific dates/times"
Require explicit user confirmation before each publish, schedule, batch sync, or subscriber distribution action; prefer draft creation and preview links as the default.
If the tokens are broad, the agent may be able to publish, notify, or alter content across several business or creator accounts.
These credentials grant delegated authority over multiple external accounts. The artifact does not visibly specify minimal token scopes, organization/account boundaries, or whether credentials are limited to draft-only or publish-capable actions.
"WORDPRESS_API_KEY", "SUBSTACK_API_KEY", "MEDIUM_API_TOKEN", "LINKEDIN_ACCESS_TOKEN", "SLACK_WEBHOOK_URL"
Use least-privilege credentials, separate draft-only and publish-capable tokens where possible, and document exactly which scopes and accounts the skill is allowed to use.
A single bad instruction, wrong article, or formatting error could be amplified into multiple public posts or emails.
The examples show batch and delayed cross-platform publishing. Without visible containment or checkpointing, one incorrect source selection or transformation could propagate across multiple platforms over time.
"Sync my last 5 published WordPress articles to Medium" and "then Medium (24 hours later), then LinkedIn (48 hours later)"
Add dry-run summaries, per-item approval for batch jobs, platform-by-platform checkpoints, and an easy cancellation path for scheduled jobs.
Private drafts, unpublished edits, or older versions may remain accessible in Google Drive or related backup locations.
The skill discloses persistent external storage of original and synced content. This is purpose-aligned for backups, but users should understand that drafts and historical versions may remain stored outside the publishing platforms.
"Auto-backup all synced content to Google Drive" and "Maintain version history"
Clearly define backup folders, retention periods, access controls, and whether unpublished drafts are included.
A queued or retried publishing action could happen later than expected unless the user can inspect and cancel it.
The skill describes ongoing queued and retrying behavior. This appears related to the publishing workflow, but users need visibility and cancellation controls for actions that may continue after the initial prompt.
"Queue management with priority levels" and "Automatic retry on failed syncs (with exponential backoff)"
Expose queue status, retry limits, expiration times, and a clear stop/cancel command for every scheduled or retrying job.