v1.0.0

Reddit Quote Carousel

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:47 AM.

Analysis

This skill can publish public Instagram posts and modify hosted assets without clearly declared credentials, approval gates, or fully scoped dependencies.

Guidance: Only use this skill if you intend the agent to fetch web content, download/select images, generate carousel graphics, host files in the tabiji repo, and publish to a specific Instagram account. Before installing or invoking it, verify the referenced companion skills and require a final human review of slides, caption, account, and cleanup scope before anything is published.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
### Sub-agent 3: Publish to Instagram

Same as `create-instagram-carousel-post` Sub-agent 3:
1. Host images in tabiji repo (`img/instagram/`)
2. Create carousel item containers
3. Create carousel container with caption
4. Publish
5. Cleanup hosted images + local temp files

This directs the agent to perform high-impact external actions: repo hosting, creating Instagram containers, publishing a public post, and cleanup. The artifact does not include an explicit confirmation or review step before publishing or deleting/cleaning files.

User impact: The agent could publish public content to an Instagram account and alter hosted assets before the user has reviewed the final carousel, caption, source photos, or destination account.
Recommendation: Require an explicit user approval step before publishing, show the final slides/caption/account, and narrowly scope cleanup to a dedicated temporary path.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
Find photos using `instagram-photo-find` workflow ... Create overlays using `instagram-photo-text-overlay` skill ... Same as `create-instagram-carousel-post` Sub-agent 3

The skill explicitly relies on other local workflows/skills that are not included in the provided artifact. This is disclosed and purpose-aligned, but users should verify those dependencies because one of them handles publishing.

User impact: The actual behavior may depend on other installed skills, especially for photo selection and Instagram publishing.
Recommendation: Review and trust the referenced companion skills before using this workflow, particularly the Instagram publishing workflow.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
python3 /Users/psy/.openclaw/workspace/skills/instagram-photo-text-overlay/scripts/overlay.py \

The workflow runs a local Python helper script to render overlays. This is expected for image generation, but it is a hard-coded local executable path outside the supplied artifact.

User impact: Using the skill depends on whatever code exists at that local path in the user's environment.
Recommendation: Verify the overlay script source and prefer a declared, versioned dependency rather than an environment-specific absolute path.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Host images in tabiji repo (`img/instagram/`) ... Create carousel item containers ... Publish

These actions require delegated authority to a repository and an Instagram account, but the skill does not define which account/repo, credential scope, or permission boundary should be used.

User impact: If installed in an environment with existing Instagram or repo credentials, the skill may use those privileges for public posting and asset hosting without clear credential boundaries.
Recommendation: Declare required credentials/configuration, limit them to the intended repo and Instagram account, and require user confirmation before any credentialed mutation or publication.