Skill v1.0.0
ClawScan security
Blogger Auto Publish Clean · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 17, 2026, 11:32 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: This package appears to be a genuine Blogger auto-publish tool, but there are multiple inconsistencies (manifest vs docs), example code that can accept external content and run destructive actions, and missing/declarative environment requirements — review before installing or running.
- Guidance: This package looks like a working Blogger publisher, but do not run it blindly. Before installing or executing:
  1. Inspect scripts/setup-blogger.sh and any example server scripts (webhook-server.js, direct-delete-drafts.js, delete-all-drafts.js) — the webhook/server examples expose an endpoint that will publish whatever they receive and deletion scripts can remove posts.
  2. Ensure you supply your own Google OAuth credentials (credentials.json) and verify the redirect URI configured in Google Cloud matches the code you run (docs and files contain inconsistent redirect URIs such as http://localhost and http://localhost:3000/oauth2callback).
  3. Confirm where token.json and any logs/backups will be stored and secure those files; token.json grants blog write access.
  4. Run npm install locally and audit the dependency (googleapis) and any setup scripts before execution.
  5. If you plan to use webhook or automation examples, put them behind proper authentication / network controls to avoid unauthorized publishing.
  6. Ask the publisher to update the skill manifest to declare required credentials/env vars so the platform and users are aware of sensitive requirements.
Review Dimensions
- Purpose & Capability [note]: The code, README, and SKILL.md implement a Markdown-to-Google-Blogger publisher (OAuth flow, publish/list/delete, batch processing). That matches the skill name and description — the requested capabilities are coherent with a Blogger integration. However, the registry metadata declares no required environment variables or primary credential while the runtime docs and code clearly require Google OAuth credentials (credentials.json / token.json) and a BLOG_ID. The manifest omission is an inconsistency that reduces transparency.
- Instruction Scope [concern]: SKILL.md and the included scripts instruct the agent/user to read and write credentials.json and token.json, to store token.json in the skill directory, and to run various management utilities (delete-all-drafts, direct-delete-drafts, delete-test-posts). The references/EXAMPLES include a webhook server example and migration scripts that accept external content and then publish it. Those examples are within the repo but, if run as-is, would expose an HTTP endpoint that accepts content and creates posts — this increases blast radius if the user runs the example without securing it. The skill also includes deletion utilities that can remove posts; those are expected for management but are destructive and should be used cautiously.
- Install Mechanism [note]: There is no install spec in the registry (instruction-only install), but package.json and setup scripts are present and the docs instruct users to run 'npm install googleapis@latest'. Using npm to install googleapis from the public registry is expected and reasonable. Because the skill includes a setup script (scripts/setup-blogger.sh), users should inspect that script before executing it. The lack of an automated install spec in the manifest means the platform will not automatically fetch dependencies — the user must run installs locally (lower supply-chain risk from platform automation but still requires fetching a public npm package).
- Credentials [concern]: The skill legitimately needs Google OAuth credentials (credentials.json), a BLOG_ID, and optional env vars (CREDENTIALS_PATH, TOKEN_PATH, POSTS_DIR, etc.). Those needs are documented in SKILL.md and config files, but the registry metadata lists no required environment variables or primary credential. This mismatch is important: installing via the platform may not surface that the skill requires sensitive OAuth credentials. The config also exposes options for webhooks, email/chat notification webhooks, and saving API responses; those integrations could be used to exfiltrate data if misconfigured or if example webhook code is run. The need for OAuth tokens and blog write permission is proportional to the purpose, but the manifest should explicitly declare credential requirements.
- Persistence & Privilege [ok]: The skill does not request always:true and does not modify other skills or system-wide agent settings. It writes token.json and may create logs/backups in its directory as part of normal OAuth usage — this is expected and proportionate. The examples that run servers or scheduled scripts would create persistent services only if a user runs them; that is not automatic in the skill manifest.
