Buffer MCP
PassAudited by ClawScan on May 14, 2026.
Overview
This no-code Buffer guidance skill is coherent and approval-focused; users should mainly notice that Buffer credentials and approved writes can affect social media accounts.
This skill appears safe and proportionate for Buffer publishing workflows. Before installing or using it, make sure the Buffer MCP credential is stored securely, use the official Buffer MCP URL, and only give precise approval when you are ready for the exact draft, schedule, publish, update, or delete action to happen.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent could make changes to Buffer posts that may become public or affect scheduled social media content.
The skill can guide use of Buffer tools that create, schedule, publish, update, or delete social content, but it clearly discloses the impact and requires explicit approval.
Buffer write tools can affect public or scheduled social content. Use explicit current-conversation approval for each write.
Only approve writes when the account, channel, action, final content, media, schedule time, and public impact are all correct.
Anyone or any configured tool with access to that credential may be able to act within the Buffer permissions granted to it.
The skill requires a Buffer bearer credential for MCP access; this is purpose-aligned and disclosed, with appropriate secret-storage guidance.
Header value: Bearer <credential> ... Buffer credentials grant delegated access according to Buffer's permissions. Store them in a secret manager or SecretRef and rotate them if exposed.
Store the credential only in a trusted secret manager or OpenClaw SecretRef, avoid pasting it into chat, and rotate it if it is exposed.
Post drafts, media references, channel identifiers, and scheduling details may be sent to Buffer as part of the requested workflow.
The skill relies on an external MCP endpoint and discloses the intended data sent to Buffer; the destination and scope are clear and purpose-aligned.
URL: https://mcp.buffer.com/mcp ... Only send post text, media references, channel IDs, and scheduling details to Buffer when that is expected for the requested workflow.
Use the official Buffer endpoint unless you deliberately trust another server, and avoid sending unrelated private content through the MCP workflow.