X Auto-Tweet (Browser)

OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 7 This skill is classified as suspicious due to its extensive use of browser automation (Playwright) to control the user's logged-in X.com session, as seen in `scripts/*.js`. It also employs clear prompt injection techniques within `SKILL.md`, `WORKFLOW.md`, and `scripts/check-trends.js` to instruct the OpenClaw agent to perform browser actions and communicate via Telegram for tweet approval. While these actions are aligned with the stated purpose of automating X posts, the powerful capabilities of browser control and explicit instructions for external communication (Telegram) represent a significant risk if the agent or skill instructions were compromised, even without clear evidence of intentional malicious behavior in this specific bundle.