v1.0.2

Вконтакте (VKontakte): publishing posts, photos and videos. Dialogues with visitors. NodeJS

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:17 AM.

Analysis

The skill mostly does what it claims for VK community management, but it asks for broad long-lived VK account authority and can post, message users, upload files, and run ongoing message polling without strong built-in limits.

Guidance: Install only if you are comfortable giving the agent VK community-management authority. Use the least-privileged, revocable token possible, confirm every post/message/media upload before execution, limit polling duration, avoid auto-mark-as-read unless intentional, and never pass sensitive local files as media paths.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/vk_cli.js
post <token> <owner_id> <message> [attachments] ... message <token> <peer_id> <text> [group_id] ... mark-as-read <token> <peer_id>

The CLI exposes direct commands that can publish public/community content, send messages, and change message read state. The artifacts do not show confirmation, preview, or scoping controls around these high-impact actions.

User impact: An incorrect or autonomous invocation could publish the wrong content, message users as the community, or mark user conversations as read.
Recommendation: Require explicit user approval before posting, messaging, uploading media, or marking messages read; preview content and target IDs before execution.
Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
scripts/vk_cli.js
while (true) { ... if (markRead === '1') { await callVk('messages.markAsRead', { peer_id: msg.peer_id }, token); }

The polling mode loops indefinitely unless wait_seconds is provided, and it can automatically mark incoming messages as read.

User impact: The skill can continue monitoring VK messages longer than intended and silently change read status while it runs.
Recommendation: Use a short wait_seconds limit, avoid auto-mark-as-read unless explicitly desired, and stop polling jobs when the task is complete.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
references/api.md
User Token: Grants full administrator rights... The token must have the following permissions (scope): `wall,groups,photos,video,messages,offline`.

The skill recommends a User Token with full administrator-style rights and an offline/non-expiring scope. That is broad, long-lived account authority for posting, media, groups, and messages.

User impact: If the token is misused or exposed, someone could act with broad VK community/user authority for an extended period, including posting content and accessing messages.
Recommendation: Use the narrowest token that works, prefer a community token where possible, avoid offline/permanent tokens unless truly needed, store the token securely, and revoke it after use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
scripts/vk_cli.js
console.log(`Text: ${msg.text}`);

Incoming VK visitor messages are printed into the agent-visible output. These messages are external user content and may be sensitive or contain instructions that should not be treated as authoritative.

User impact: A visitor message could influence the agent's next response if it is treated as trusted instructions rather than untrusted conversation content.
Recommendation: Treat retrieved VK messages as untrusted user input, do not follow instructions embedded in them unless the account owner confirms, and avoid storing or reusing sensitive message text unnecessarily.