Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Post to X Enhanced
v3.0.0
Posts content and articles to X (Twitter). Custom fork with image upload fix: DOM.setFileInputFiles first, path leak cleanup, post-publish verification. Use...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description (posting to X via Chrome CDP) align with the included scripts. Required runtimes (bun or npx), Chrome, and OS automation tooling (osascript/swift/xdotool/ydotool) are reasonable and expected for a browser-automation posting tool.
Instruction Scope
SKILL.md instructs the agent to run TypeScript scripts from the skill folder which will launch Chrome, manipulate the DOM via CDP, copy/paste to the system clipboard, and may download remote images (HTTPS only). The runtime instructions explicitly require Accessibility permissions (macOS) and will create/use a persistent Chrome profile directory. These actions are within the scope of publishing to X but do involve system-level automation (clipboard, keystrokes, profile directories) that users should be aware of.
Install Mechanism
This is instruction-only (no installer). All code is bundled with the skill; there are no downloads from unknown servers during install. The package uses local Node/Bun execution and bundled vendor code, so install risk is low.
Credentials
The skill does not request secrets or cloud credentials. It does rely on many local tools (swift, osascript, xdotool/ydotool, pgrep/ps) and will read/write Chrome profile directories (and checks for DevToolsActivePort in user Chrome dirs). Access to the Chrome profile filesystem and the system clipboard is proportionate to the functionality but is sensitive — using an isolated profile is recommended.
Persistence & Privilege
always:false and default model invocation are used. The skill launches Chrome with detached:true (so Chrome can outlive the parent process) and creates/uses a profile directory under user data; this is expected for persistent login but not an elevated platform privilege beyond normal file creation and launching processes.
Assessment
What this skill will do if you install/run it: it will launch a real Chrome instance, create/use a Chrome profile directory (can create files under your home/config), copy images or HTML into the system clipboard, and send real paste keystrokes (osascript / xdotool / PowerShell) which requires granting Accessibility/clipboard permissions on macOS/other OS-level abilities on Linux/Windows. It does download remote images over HTTPS when publishing articles. It does not ask for API keys or cloud credentials. Before installing: (1) confirm you trust the skill source (the README links to a GitHub repo), (2) prefer using an isolated Chrome profile (the skill supports creating one) rather than your main browser profile, (3) review/approve Accessibility permission prompts and understand that clipboard contents will be overwritten during operations, and (4) run the provided pre-flight check script (check-paste-permissions.ts) first. If you are concerned about local automation or data exposure, run the skill in a VM/container or inspect the scripts yourself — the code is bundled and readable in this package.
scripts/check-paste-permissions.ts:69
Shell command execution detected (child_process).
scripts/copy-to-clipboard.ts:59
Shell command execution detected (child_process).
scripts/paste-from-clipboard.ts:54
Shell command execution detected (child_process).
scripts/vendor/baoyu-chrome-cdp/src/index.ts:220
Shell command execution detected (child_process).
scripts/x-browser.ts:714
Shell command execution detected (child_process).
scripts/x-utils.ts:90
Shell command execution detected (child_process).
scripts/vendor/baoyu-chrome-cdp/src/index.ts:97
Environment variable access combined with network send.
scripts/vendor/baoyu-chrome-cdp/src/index.ts:202
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Any bin: bun, npx
