ClawHub

dopost-api

v1.1.0

Use the Dopost REST API to publish, schedule, and manage social media posts programmatically. Use this skill when the user wants to publish to social media,...

0· 0·0 current·0 all-time
by@dopost
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, documented endpoints, and required DOPOST_API_KEY align. All declared capabilities (publish, schedule, media upload, account listing) map directly to the API endpoints documented in SKILL.md.
Instruction Scope
SKILL.md limits runtime actions to preparing HTTP requests to dopost.co endpoints and instructs checking for a DOPOST_API_KEY in .env or asking the user. It does not ask to read unrelated files, access other credentials, or send data to unexpected endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded. This is the lowest-risk install model and fits the skill's purpose.
Credentials
Only a single env var (DOPOST_API_KEY) is required and is appropriate for the documented REST API usage. The SKILL.md references only that key for authentication; no unrelated secrets or system paths are requested.
Persistence & Privilege
The skill is not always-enabled (always: false) and does not request persistent system-wide configuration. It uses the platform-default autonomous invocation capability, which is standard for skills and not excessive here.
Assessment
This skill will use your Dopost API key (DOPOST_API_KEY) to call Dopost endpoints and publish or schedule posts. Only install it if you trust the Dopost integration and the skill source. Prefer creating a scoped API key with minimal permissions rather than a full account master key, and rotate or revoke the key if you stop using the skill. Confirm the API key is stored securely (not committed to public repos) and review Dopost's official docs (https://dopost.co/docs/api) if you need to verify endpoint behavior. Note: the skill can be invoked by an agent per platform defaults — ensure you are comfortable with the agent performing publishing actions on your behalf.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c65jtvhksxzty4r8njx7yr584kdcv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvDOPOST_API_KEY
Primary envDOPOST_API_KEY

Comments