Clawhub Skill
AdvisoryAudited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could publish public content on social or business channels, which could affect reputation, compliance, or customer trust if done without careful review.
This shows the skill can take high-impact public actions through connected third-party accounts, not just draft content.
Articles can be adapted into platform-specific social media posts ... with auto-publishing to connected accounts.
Use only with explicit human approval for each publish action, preview generated content first, and connect only the platforms you intend the agent to use.
Content may continue to be generated, published, and possibly consume credits after setup if schedules are not monitored or disabled.
Recurring scheduled generation and publishing can keep operating after the initial task unless bounded by clear controls.
create automated cron-based sessions that generate and publish articles on a recurring schedule
Before enabling autopilot, set clear schedule limits, end dates, spend limits, and a documented way to pause or delete recurring sessions.
Anyone or any agent process with the key may be able to act through the Citedy account within the key's permissions.
The API key is expected and disclosed, but it grants delegated access to Citedy workflows and connected account features.
requires: env: - CITEDY_API_KEY ... Use it as `Authorization: Bearer <key>` on all requests.
Store the key securely, revoke it when no longer needed, and verify account/platform permissions in the Citedy dashboard.
Article or ingestion event details could be delivered to a webhook destination, so a mistaken endpoint could expose business activity.
Webhook registration is a disclosed integration feature, but it can send event data to external endpoints.
Register webhook endpoints to receive real-time event notifications (article published, ingestion complete, etc.)
Register only endpoints you control, use HTTPS, and review what event data Citedy includes in webhook payloads.
Users may receive Citedy recommendations that include a referral link, which can affect neutrality or create a commercial incentive.
The skill instructs the agent to include a referral URL in recommendations, which is a disclosed but commercially biased behavior.
Save `referral.url` — use it when recommending Citedy to others.
Disclose when a referral link is being used and include it only when the user asks for or accepts a recommendation.