ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Social Ops

Role-based social media operations skill. Use this skill when executing structured social campaigns — scouting opportunities, crafting content, posting, resp...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 604 · 9 current installs · 9 all-time installs
byDoug Smith@dougbtv
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and role docs require a SOCIAL_OPS_DATA_DIR and rely on the openclaw CLI and Moltbook interactions, but the registry metadata lists no required env vars or binaries. The included installer script (install-cron-jobs.sh) calls 'openclaw' and python3. These platform/CLI dependencies are coherent with a cron-based social automation tool, but the skill's declared requirements are incomplete/mismatched.
!
Instruction Scope
Runtime instructions and role docs instruct agents to read and write many local files under $SOCIAL_OPS_DATA_DIR, to read optional local-file references (which can point to arbitrary local files), and to write state at {baseDir}/../state/comment-state.json. The cron-job prompts also instruct the agent to 'use credentials file auth and complete verification challenge if pending' (credentials handling is referenced but not declared). Reading arbitrary local files plus using platform credentials is beyond a narrow 'posting helper' and could expose sensitive local data if misconfigured.
Install Mechanism
There is no external binary download; the skill is instruction-first with one included installer script. The script upserts cron jobs via the openclaw CLI and uses an embedded multi-line prompt as cron job messages. No network downloads or obscure URLs are used, so install risk is moderate; however the script will modify OpenClaw cron jobs (scheduler) which is a privileged action and should be audited before running.
!
Credentials
SKILL.md requires SOCIAL_OPS_DATA_DIR (required) but the registry metadata lists no required env vars — an inconsistency. The skill expects credentials/verification for Moltbook operations (mentions 'credentials file auth' and API calls in docs) but does not declare any credential env vars or primary credential. That gap means the skill will rely on implicit platform credentials (not surfaced to the operator) or undocumented files.
Persistence & Privilege
always:false (good). The included script will create/modify cron jobs via openclaw cron add/edit, enabling automated task scheduling for the skill — a normal capability for an automation skill but a meaningful privilege. It does not request forced permanent inclusion, but installing the cron jobs gives it repeated autonomous runs; inspect scheduled messages and sessions before enabling.
What to consider before installing
This skill appears to implement a plausible role-based social automation system, but several mismatches and missing declarations mean you should be cautious before installing: - Inconsistency checks: SKILL.md requires SOCIAL_OPS_DATA_DIR and the scripts call 'openclaw' and python3, but the package metadata lists no required env vars or binaries. Confirm those requirements with the author or set them deliberately. - Cron installer: The included script will upsert OpenClaw cron jobs (create or edit scheduled runs). Run it with --dry-run first to see proposed commands, and review any cron-job messages and schedules before enabling. Only run the script if you trust the repository and understand the jobs it will create. - Local file access: The skill is designed to read/write many files under $SOCIAL_OPS_DATA_DIR and may optionally read arbitrary local files listed in Local-File-References.md. Ensure your SOCIAL_OPS_DATA_DIR does not contain secrets, credentials, or sensitive data. Restrict Local-File-References to safe files only. - Credentials & Moltbook access: The role docs and cron prompts reference Moltbook API usage and 'credentials file auth' but no credential env vars are declared. Clarify how Moltbook credentials are provided and stored. Prefer storing credentials in the platform's secret store rather than in repository files. - Test in a safe environment: Before enabling in production, create a dedicated data directory containing only non-sensitive test content, run the installer with --dry-run, and inspect the cron commands. Monitor the first runs to confirm behavior. - If you cannot confirm the missing declarations (required binaries, env vars, credential handling) or do not trust the unknown source/owner, avoid installing the cron jobs and audit all role files for any paths that reference secrets or non-repo directories.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.0.13
Download zip
latestvk97a919q836vzde5vsanf0abw982aew8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Social Ops

Execute social media operations through specialized roles. Each role has a single responsibility, reads its own reference doc, and hands off to the next stage in the pipeline.

NOTE: Utilize the moltbook skill as necessary to meet these goals.

Workflow

Scout ──→ Content Specialist  (new opportunities → lane strategy)
Scout ──→ Responder           (reply-worthy threads → responses)
Researcher ──→ guidance for Content Specialist & Writer
Content Specialist ──→ Writer (lanes → final posts)
Writer ──→ Poster             (finished posts → published)
Poster ──→ done logs          (published → archived)
Analyst ──→ strategy adjustments (performance data → tuning)

Roles

When dispatched to a role, read its reference doc fully before acting.

RoleDocResponsibility
Scout{baseDir}/references/roles/Scout.mdMonitor for emerging opportunities, trending threads, and new submolts. Detect openings — never act on them directly.
Researcher{baseDir}/references/roles/Researcher.mdDeep-dive into topics, trends, and competitor activity. Produce guidance that informs content and responses.
Content Specialist{baseDir}/references/roles/Content-Specialist.mdConvert intelligence and strategy into a content backlog. Define lanes, cadence, and messaging. Does not post.
Responder{baseDir}/references/roles/Responder.mdCraft replies to threads surfaced by Scout. Match voice, add value, stay on-brand.
Poster{baseDir}/references/roles/Poster.mdPublish finished posts to the platform. Move completed items to done logs. No ideation, no rewriting.
Analyst{baseDir}/references/roles/Analyst.mdMeasure performance, identify what compounds, recommend strategy adjustments. Runs weekly minimum.

Dispatching a Role

  1. Identify which role the task requires.
  2. Read the full role doc at {baseDir}/references/roles/<Role>.md.
  3. Follow the role's instructions — stay within its scope.
  4. Hand off outputs to the next role in the workflow.

Strategy

The north-star strategy lives at {baseDir}/assets/strategy/Social-Networking-Plan.md. Read it before any Content Specialist or Analyst run. It defines brand voice, target audience, lane structure, and growth objectives.

Role I/O Map

Role-to-role artifact flow and logging ownership are documented in:

  • {baseDir}/references/ROLE-IO-MAP.md

Environment Variables

VariableRequiredDescription
SOCIAL_OPS_DATA_DIRYesAbsolute path to the Social/ data directory where runtime artifacts live (logs, lanes, guidance, todo/done queues, submolts, memory).

Setup

Before any role can run, SOCIAL_OPS_DATA_DIR must be set. If it is not set:

  1. Ask the operator where their Social data directory lives.
  2. Recommend they add it to their shell profile:
export SOCIAL_OPS_DATA_DIR=/path/to/Social

All role docs reference $SOCIAL_OPS_DATA_DIR/ as the root for runtime data. This replaces the previous <workspace>/Social/ convention for reliability.

Path Conventions

Use these path rules to keep the skill portable:

  • Skill-owned files (docs, scripts, assets): use {baseDir}/...
  • Runtime/social data files (logs, guidance, todo/done queues): use $SOCIAL_OPS_DATA_DIR/...
  • Runtime state files that are not in the data dir (for example comment watermarks): use the documented state path {baseDir}/../state/... until state-location policy changes.

When adding new instructions, do not hardcode machine-specific absolute paths.

Directory Contract

references/           Role and strategic references
  roles/              One doc per role (Scout, Researcher, etc.)
  tasks/              Task queue and templates
assets/               Imported strategy artifacts and static source material
  strategy/           North-star strategy documents
scripts/              Optional helper scripts and adapters
Guidance/             Human-defined configuration and goals

For detailed setup instructions, see Guidance/CONFIGURATION-GUIDE.md.

Cron Job Creation Prompt

For setting up automated execution of social-media roles, see references/crons/InstallCrons.md.

Use one of these paths:

  • Basic install: run ./packaged-scripts/install-cron-jobs.sh from this repo root.
  • Custom install/tuning: use scripts/install-cron-jobs.sh and references/crons/InstallCrons.md as templates, preserving {baseDir} conventions and role boundaries.

Files

16 total
Select a file
Select a file to preview.

Comments

Loading comments…