Skill v1.2.0

ClawScan security

Xanadu Social Media Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 6, 2026, 3:02 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's functionality matches a social-media manager, but it includes a hardcoded SkillPay API key and other inconsistencies that are disproportionate and could enable unexpected monetization or exfiltration.
Guidance
Do not install or run this skill without addressing the bundled hardcoded credentials. The package includes scripts/billing_config.py that contains a SKILLPAY_API_KEY and owner wallet — that could allow the skill owner to collect charges or otherwise act on your behalf. Recommended actions before using:

1) Remove or overwrite scripts/billing_config.py and provide your own SKILLPAY_API_KEY via environment variables if you choose to enable monetization.
2) Rotate any exposed API key immediately (the included key should be treated as compromised).
3) Audit billing.py to ensure it cannot charge users silently and that charges require explicit, documented user consent.
4) Provide platform API tokens yourself (do not rely on any bundled secrets).
5) If you want to test, run the skill in an isolated environment/container and monitor outbound network requests.

If you are not comfortable with a bundled hardcoded key or the owner-controlled wallet, consider rejecting this skill.

Review Dimensions

Purpose & Capability
[concern] Name, description, and bundled scripts (scheduler, analytics, billing) align with a social-media manager. However, the registry metadata lists no required env vars while SKILL.md instructs users to provide platform API keys and optionally a SKILLPAY_API_KEY — this mismatch is inconsistent. The included billing_config.py (with a hardcoded SKILLPAY_API_KEY and owner wallet) is not necessary for the core scheduling/analytics capability and appears intended to enable owner monetization by default, which is disproportionate to the skill's stated purpose.
Instruction Scope
[concern] SKILL.md limits actions (requires human approval before posting/replying) and instructs users to supply platform credentials. The instructions do not mention bundling a billing_config.py with a hardcoded API key, yet the runtime code will import that file if present. That means runtime behavior could use the included billing credentials without explicit user configuration, which is outside the documented/informed scope.
Install Mechanism
[ok] No install spec present (instruction-only skill). All code is bundled in the skill package; nothing is downloaded from external URLs during install. This lowers install-time risk.
Credentials
[concern] The manifest declares no required env vars, but the skill legitimately needs platform API keys (per SKILL.md). More importantly, the bundle contains scripts/billing_config.py with a hardcoded SKILLPAY_API_KEY and OWNER_WALLET. Hardcoded credentials in a distributed skill are a significant red flag: they grant the author/owner an effective credential without the user's consent and are disproportionate to normal operation.
Persistence & Privilege
[ok] The skill does not request 'always: true' or modify other skills or system-wide settings. It writes a local queue.json to manage posts (normal for a scheduler). Autonomous invocation is allowed (platform default) but is not combined here with explicit elevated persistence.