PipePost
Security checks across malware telemetry and agentic risk
Overview
PipePost appears to be a legitimate content-publishing integration, but it can run a local CLI, publish AI-generated content to external destinations, and even suggests scheduled automation without strong built-in guardrails.
Install only if you want OpenClaw to curate and potentially publish content for you. Keep approvals on for live `pipepost_run`, use dry-run first, restrict configs and destinations to trusted paths/endpoints, and do not allow cron scheduling unless you intentionally want ongoing automated publishing.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could publish generated content to a configured blog, webhook, or Telegram destination if it invokes the run tool without dry-run.
The live run tool can publish according to a config, and preview mode is optional rather than enforced with an artifact-level confirmation or destination allowlist.
description: "Run a PipePost flow pipeline. Scouts sources, translates, and publishes content according to the flow config." ... dryRun: Type.Optional(Type.Boolean({ description: "Run without publishing (preview mode)" }))
Keep tool approval enabled, run dry-runs first, and only allow live runs for reviewed configs and trusted destination URLs.
Scheduled jobs could continue running and publishing content after the initial setup unless the user notices and disables them.
The skill instructs the agent to create scheduled automation, but the artifacts do not show clear opt-in, limits, or cleanup controls for that persistent behavior.
The agent will:
1. Call `pipepost_init`
...
3. Call `pipepost_run --dry-run` to preview results
4. Set up a cron schedule for automated runs
Only permit cron or other schedules when explicitly requested, review the exact schedule and command, and document how to disable it.
The installed PipePost binary and its dependencies run with the permissions of the OpenClaw process.
The plugin executes a local PipePost binary. This matches the documented design and uses execFile rather than a shell, but it still gives the skill local command-execution capability.
const child = execFile(bin, args, { timeout, maxBuffer: 10 * 1024 * 1024, encoding: "utf-8" }, ...)
Install PipePost from a trusted source and avoid configuring `pipepostBin` to point at arbitrary or untrusted executables.
Your LLM API key may be used by the underlying PipePost pipeline, and content may be sent to the configured model provider.
The skill expects an OpenAI-compatible provider credential, which is normal for AI translation/scoring, but registry metadata declares no required env vars or primary credential.
export OPENAI_API_KEY="your-api-key"
export OPENAI_API_BASE="https://api.openai.com/v1"
Use a least-privileged API key where possible, set usage limits, and ensure the configured API base is the provider you intend.
A compromised or unexpected package/source checkout could affect what code runs under OpenClaw.
The setup relies on an external Python package or source install and documents use of an unsafe install flag. These are user-directed installation steps, not automatic execution.
pip install pipepost
...
openclaw plugins install /path/to/openclaw-pipepost --dangerously-force-unsafe-install
Prefer the ClawHub package or pinned, trusted releases; avoid unsafe local installs unless you have reviewed the source.
