Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Buffer Publisher
v1.0.1
Publish social media posts to LinkedIn and Twitter/X via Buffer GraphQL API. PRIMARY and ONLY tool for social publishing (Typefully cancelled 2026-03-25). Us...
by Nissan Dookeran @nissan
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description and the instructions all describe publishing to Buffer GraphQL for LinkedIn and Twitter/X, which is coherent with the declared purpose. However the skill claims no required credentials/binaries in registry metadata while the SKILL.md explicitly expects a Buffer API key and shows curl usage.
Instruction Scope
SKILL.md instructs the agent to use a Buffer API key (op://OpenClaw/Buffer API Credentials/credential) and includes Python examples that call subprocess.run to invoke curl. The registry metadata lists no required env vars/config paths and claims 'no shell exec required', so the instructions access secrets and binaries that are not declared and therefore expand the agent's runtime scope unexpectedly.
Install Mechanism
This is instruction-only (no install spec) which is low-risk, but the examples require the curl binary. Metadata lists 'required binaries: none' — a mismatch. If the runtime will use curl, that dependency should be declared or examples should use a native HTTP client.
Credentials
The SKILL.md clearly requires a Buffer API key (and points to a 1Password path). Requesting that credential is reasonable for a publishing skill, but the skill metadata does not declare any primary credential or required env vars/config paths. The omission makes it unclear how the agent accesses the secret and whether least privilege is enforced.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system settings. Autonomous invocation is enabled (default) but that is normal; there is no evidence the skill requests elevated persistence or system-wide privileges.
What to consider before installing
This skill appears to do what it says (post to Buffer) but the SKILL.md expects a Buffer API key and use of curl while the registry metadata declares no credentials or binaries. Before installing: (1) verify where and how the Buffer API key will be provided (the skill should declare a primaryEnv or required config path rather than embedding op:// paths only in docs); (2) confirm the runtime environment has curl or ask for examples using native HTTP libraries instead of subprocess.run; (3) validate the skill author/source (homepage is missing); (4) consider testing in a restricted/staging agent with a limited Buffer account to observe behavior; and (5) ask the author to update the metadata to explicitly list required credentials and binaries and to remove the contradictory 'no shell exec required' note. If you cannot verify these points, treat the skill as risky to install in a production agent.
Like a lobster shell, security has layers — review code before you run it.
latestvk976aj40srvs6xga9bprwsrrcd83rr32
Runtime requirements
📢 Clawdis
