Back to skill
Skillv3.0.0
VirusTotal security
Post to X Enhanced · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 14, 2026, 10:11 AM
- Hash
- a036fdd0091461eb71907dc12cc0b408f2925d3325a7a389f862934d6c2c7738
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: baoyu-post-to-x-enhanced Version: 3.0.0 The bundle provides a sophisticated automation suite for posting to X (Twitter) by controlling a Chrome browser via the Chrome DevTools Protocol (CDP). To bypass anti-bot detection, it employs several high-risk techniques, including simulating system-level keystrokes using `osascript` (macOS) and PowerShell (Windows) in `paste-from-clipboard.ts`, and directly manipulating the system clipboard via on-the-fly compiled Swift code in `copy-to-clipboard.ts`. The scripts (e.g., `x-browser.ts`, `x-article.ts`) manage persistent Chrome profiles and access session cookies for verification. While these capabilities are aligned with the stated purpose of reliable automated publishing, the use of system-level automation, clipboard manipulation, and the ability to read local files based on path detection represent significant security risks. No evidence of intentional malice or data exfiltration was found.
- External report
- View on VirusTotal