SocialClaw - Social Claw is a social media scheduling skill for AI agents posting to X, LinkedIn, Instagram, Facebook Pages, TikTok, Discord, Telegram, YouTube, Reddit, WordPress, and Pinterest
ReviewAudited by ClawScan on May 18, 2026.
Overview
This is a coherent SocialClaw publishing skill, but it can post to social accounts and handle workspace credentials, so users should review actions before applying them.
Before installing, understand that this skill is meant to let an agent operate a SocialClaw workspace and publish to connected social accounts. Keep the SC_API_KEY and any bot tokens or webhooks private, review generated schedules before applying them, and install the optional npm CLI only if you trust the package source.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could publish or schedule content to connected social accounts.
The skill can apply schedules that publish content to connected social accounts. This is central to the advertised purpose and disclosed, but it is high-impact public-account activity.
- validate, preview, apply, or inspect scheduled posts and campaigns ... Main workflow ... 7. Validate or preview the post or campaign. 8. Apply it.
Review the target account, content, timing, and media before allowing the agent to apply or publish a schedule.
Anyone with these credentials may be able to operate the SocialClaw workspace or post through connected Telegram/Discord targets.
The skill requires a workspace API key and may handle provider-specific bot tokens or webhook URLs. These credentials are expected for the service and are disclosed.
- Required env: `SC_API_KEY` ... - Auth: workspace API key in `Authorization: Bearer <key>` ... Connect Telegram manually with a bot token ... Connect Discord manually with a channel webhook URL
Use a dedicated SocialClaw workspace key, do not paste full keys into chat unnecessarily, and rotate keys/webhooks if they are exposed.
Installing the optional CLI runs software outside the reviewed instruction files.
The optional CLI is installed from npm and its package code is not part of the provided artifacts. This is purpose-aligned, but users are relying on the external npm package provenance.
[0] node | package: socialclaw | creates binaries: socialclaw, social
Install the CLI only from the expected npm package, keep it updated, and avoid using it if HTTP API access is sufficient.
Media and post content selected for publishing will be sent to SocialClaw and may later be delivered to social media providers.
The workflow uploads selected media files and schedule data to the hosted SocialClaw API. This is disclosed and necessary for a hosted scheduling service.
-F "file=@./image.png" "https://getsocialclaw.com/v1/assets/upload"
Only upload files intended for publication and avoid including private or unrelated local files in schedules.