Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Baoyu Post To X
v0.1.0
Posts content and articles to X (Twitter). Supports regular posts with images/videos and X Articles (long-form Markdown). Uses real Chrome with CDP to bypass anti-automation. Use when user asks to "post to X", "tweet", "publish to Twitter", or "share on X".
⭐ 3 · 2.2k · 44 current · 44 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The skill truly implements posting to X using a real Chrome/CDP flow (consistent with its description). However, the registry metadata claims no required binaries/env/config paths while SKILL.md and the scripts explicitly require Google Chrome/Chromium, the bun runtime, and access to a Chrome user profile directory (persistent login). That mismatch between declared requirements and actual needs is an incoherence the user should notice.
Instruction Scope
The runtime instructions and scripts do more than just call an API: they (a) read EXTEND.md from the project or $HOME, (b) launch and attach to real Chrome with a persistent profile (potentially reusing the user's default profile), (c) copy images/HTML to the system clipboard and send real OS keystrokes (osascript/xdotool/powershell), and (d) download remote images referenced in Markdown. The SKILL.md metadata did not declare these filesystem and automation accesses. These actions require high OS-level privileges (accessibility/automation) and access to local user data (Chrome profile, home directory).
Install Mechanism
No install spec is provided (instruction-only), which lowers installer-supply-chain risk. However, the skill includes multiple runnable TypeScript/JS files that the agent will execute via 'bun' / 'npx -y bun ...'. That execution will run local scripts and may invoke system commands (swift/osascript/xdotool/powershell), so there is runtime risk even without an explicit install step. The scripts also perform network downloads for remote images.
Credentials
Registry/metadata declare no required env vars or config paths, yet the instructions and code reference/expect environment/config state: X_BROWSER_CHROME_PATH is mentioned, a default Chrome profile directory is used (getDefaultProfileDir), EXTEND.md is read from $HOME, and the skill will read local files (images, markdown) and the user's Chrome profile data (cookies/session). These are sensitive and not reflected in the declared requirements — requesting access to the user's Chrome profile and home config is disproportionate unless the user knowingly provides a dedicated profile directory.
Persistence & Privilege
The skill is not 'always' installed and does not request elevated platform privilege in metadata. It does, however, expect to reuse or create Chrome user-data directories and may detect/attach to an existing Chrome instance (DevToolsActivePort). This gives it access to an authenticated browser session (cookies, local storage) if the default profile is used. That level of local-state access increases blast radius and should be explicit to users, though it is logically necessary for persistent login.
What to consider before installing
This skill will launch a real Chrome instance, rely on a persistent Chrome profile (to use your logged-in X session), and use system clipboard + OS automation (osascript/xdotool/powershell) to paste images — it requires Chrome and the bun runtime even though the registry metadata lists none. Before installing or running it:
- Treat it as powerful: running it with your default Chrome profile lets it act from your logged-in X account and gives access to cookies and other browser data. Prefer creating and specifying a dedicated Chrome profile directory with --profile to isolate credentials.
- Expect to grant OS automation/accessibility permissions (macOS Accessibility, xdotool/ydotool, etc.). Only grant these if you trust the code.
- The skill reads $HOME/.baoyu-skills/baoyu-post-to-x/EXTEND.md and project .baoyu-skills/... files for config — review those files if present and be cautious about placing secrets there.
- The code downloads remote images referenced in Markdown; network I/O is expected but review md-to-html.ts for allowed hosts if you have concerns.
- If you need to proceed, inspect x-utils.js (not shown in the summary) for any unexpected network endpoints, file writes outside temp directories, or code that reads other local secrets. Run the skill in a sandboxed environment or VM first, and avoid using your primary Chrome profile.
Summary recommendation: do not install blindly. The behavior is consistent with posting via a real browser, but the metadata underreports the privileges and filesystem access; treat this skill as high-privilege and only use it with explicit isolation and review.
latest · vk976rwz0nbtvbxdr6wm7xfmbsx80kxka
