Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Farcaster Skill
v1.0.1
Post, read, search, and engage on Farcaster via the Neynar API. Use when an agent needs to: (1) post casts with text, embeds, or in channels, (2) reply to or thread casts, (3) read a user's feed or a channel feed, (4) search casts by keyword, (5) look up user profiles by username or FID, (6) like or recast, (7) delete casts, (8) list or search channels. Pure bash+curl+jq — zero npm dependencies.
⭐ 0 · 1k · 3 current · 3 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The scripts and documentation implement a Farcaster client against the Neynar v2 API (posting, reading, searching, reacting, deleting), which matches the skill's name and description. However, the registry metadata declares no required environment variables or binaries, while the SKILL.md, README, tests, and scripts clearly require NEYNAR_API_KEY and (for write operations) NEYNAR_SIGNER_UUID, plus the runtime tools curl, jq, and python3. Because a user, or the agent runtime, reads that metadata to learn which secrets and tools to provide, the omission is an inconsistency that should be corrected before trusting the skill.
Instruction Scope
SKILL.md and the shell scripts stay within the described Farcaster/Neynar functionality. Notable behaviors: it suggests eval'ing the output of a jq command to export credentials from a local JSON file you supply (so the shell executes whatever jq emits from that file), it includes an example polling loop that repeatedly queries mentions, and it demonstrates uploading media via a third-party service (litterbox.catbox.moe). These are reasonable for a CLI client but increase the risk surface: sourcing credentials from a local file and running a long-lived polling loop give more opportunity for accidental credential exposure or unexpected network activity.
Install Mechanism
There is no install spec (instruction-only with shipped shell scripts). No remote downloads or archive extraction are performed by an installer. The presence of executable scripts means files will be present on disk when installed, but nothing in the repository attempts to fetch or execute arbitrary remote code at install time.
Credentials
The scripts require NEYNAR_API_KEY for all API calls and NEYNAR_SIGNER_UUID for write operations; they also expect curl, jq, and python3. Those credentials are directly relevant to the skill's purpose (API access and signer identity), so they are proportionate — but the registry/metadata incorrectly lists no required env vars or binaries. That mismatch (declared zero vs actual required secrets/tools) is misleading and increases risk because a user may not realize they must provide an API key and signer UUID.
Persistence & Privilege
The skill does not request always:true, does not persist or modify other skills' configs, and only runs on invocation (user-invocable / agent-invocable is default). There is no evidence of privileged or permanent agent-wide hooks.
What to consider before installing
- The code implements exactly what it claims (Farcaster via Neynar) but the registry metadata is incomplete: you must supply NEYNAR_API_KEY and NEYNAR_SIGNER_UUID and have curl, jq, and python3 available. Treat that omission as a red flag: prefer skills that declare their requirements explicitly.
- Inspect the scripts yourself (they are plain bash). Pay special attention to the SKILL.md examples that show eval'ing jq on a JSON file you supply; only source credentials from files you trust, because eval-style commands can execute arbitrary content if misused.
- The media-upload example posts files to a third-party host (litterbox.catbox.moe). If you will upload private images, review the privacy/security policy of that service or host media on a place you control.
- The SKILL.md recommends a polling loop for mentions; continuous polling increases network traffic and risk of credential exposure in logs—if you enable monitoring, consider rate limits and where logs go.
- Because the skill source and homepage are unknown, prefer installing from a trusted origin. If you plan to use it, require the owner to update registry metadata to list required env vars and binaries, and consider running the included smoke tests in an isolated environment first.
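One way to handle the credential points above without the eval pattern, as an added example that is not code from the skill, the scan, or ClawHub: a loader that extracts each field with jq, allowlists its characters before exporting, passes the key to curl through a 0600 config file instead of on the command line, and redacts both secrets from log lines; a small helper for a polling loop reads Retry-After out of a header dump. It assumes a credentials file shaped like {"api_key": ..., "signer_uuid": ...}, that Neynar keys fit [A-Za-z0-9_-]{8,128} and signer UUIDs have RFC 4122 layout, that the request header is x-api-key, and that rate-limited (429) responses carry a Retry-After header; adjust those to what your account actually uses.

```shell
#!/usr/bin/env bash
# Added example, not code from the Farcaster skill: load NEYNAR_* credentials
# from a JSON file without eval, validate them, hand the key to curl through a
# 0600 config file, and redact both secrets from anything that reaches a log.
set -u

# What the flagged pattern looks like: the shell executes whatever jq prints,
# so a credentials file containing  {"api_key": "x; rm -rf ~"}  turns into
# `export NEYNAR_API_KEY=x; rm -rf ~`. Kept only for contrast; do not use.
load_creds_unsafe() {
  eval "$(jq -r '"export NEYNAR_API_KEY=\(.api_key) NEYNAR_SIGNER_UUID=\(.signer_uuid)"' "$1")"
}

# Safe pattern: pull each field out with jq -r and allowlist its characters
# before exporting. Nothing from the file is ever parsed as shell.
# Accepted shapes are assumptions (key: 8-128 chars of [A-Za-z0-9_-];
# signer UUID: RFC 4122 layout); adjust to what Neynar issues to your account.
load_creds() {
  local file=$1 key uuid
  [ -f "$file" ] || { echo "credentials file not found: $file" >&2; return 1; }
  key=$(jq -er '.api_key' "$file") || { echo "missing .api_key" >&2; return 1; }
  uuid=$(jq -r '.signer_uuid // empty' "$file")   # optional: read-only use needs no signer
  printf '%s\n' "$key" | grep -Eq '^[A-Za-z0-9_-]{8,128}$' \
    || { echo "api_key has unexpected characters" >&2; return 1; }
  if [ -n "$uuid" ] && ! printf '%s\n' "$uuid" | grep -Eiq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'; then
    echo "signer_uuid is not a UUID" >&2; return 1
  fi
  export NEYNAR_API_KEY=$key NEYNAR_SIGNER_UUID=$uuid
}

# Put the key in a curl config file instead of on the command line, so it
# never shows in `ps`, shell history or `set -x` traces:
#   curl -sS -K "$cfg" "https://api.neynar.com/v2/farcaster/..."
# (x-api-key is the assumed header name.)
write_curl_config() {
  local cfg=$1
  : "${NEYNAR_API_KEY:?run load_creds first}"
  ( umask 077
    printf 'header = "x-api-key: %s"\nheader = "accept: application/json"\n' \
      "$NEYNAR_API_KEY" > "$cfg" )
  echo "$cfg"
}

# Filter for log output. Because load_creds allowlisted the characters, both
# values are safe to splice verbatim into a sed expression.
redact_secrets() {
  local script="s/${NEYNAR_API_KEY}/[NEYNAR_API_KEY]/g"
  if [ -n "${NEYNAR_SIGNER_UUID:-}" ]; then
    script="$script;s/${NEYNAR_SIGNER_UUID}/[NEYNAR_SIGNER_UUID]/g"
  fi
  sed -e "$script"
}

# For a polling loop: seconds to wait before the next request, read from a
# Retry-After header in a `curl -D` header dump, else a default (assumes the
# API sends Retry-After on 429).
retry_after_seconds() {
  local hdrs=$1 default=${2:-60} secs
  secs=$(awk 'tolower($1)=="retry-after:" {sub("\r$","",$2); print $2+0}' "$hdrs")
  case $secs in ''|*[!0-9]*|0) echo "$default" ;; *) echo "$secs" ;; esac
}
```

Typical use: `load_creds ~/.config/neynar.json && cfg=$(write_curl_config "$(mktemp)")`, then every request is `curl -sS -K "$cfg" -D headers.txt ...`, and a monitoring loop sleeps for `$(retry_after_seconds headers.txt 60)` and pipes whatever it logs through `redact_secrets` before it reaches a file.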
If you want, I can produce a short checklist of commands to manually audit the scripts (what to grep for) or a set of recommended metadata fixes to ask the publisher to make.
Like a lobster shell, security has layers — review code before you run it.
latest · vk9748ha394m2xztem3164q509580t1n8
