ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-threadsctl

v1.0.2

Manage Threads accounts, OAuth connect URLs, drafts, and publishing through the local `threadsctl` CLI. Use when the user wants to post to Threads, create or...

0· 112·0 current·0 all-time
byVladyslav Dobrodii@dladislav201

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dladislav201/openclaw-threadsctl.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "openclaw-threadsctl" (dladislav201/openclaw-threadsctl) from ClawHub.
Skill page: https://clawhub.ai/dladislav201/openclaw-threadsctl
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-threadsctl

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-threadsctl
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name and description (threadsctl integration) match the instructions: it legitimately needs to run threadsctl and work with Threads accounts. However, the SKILL.md requires the THREADS_SERVICE_URL and THREADS_SERVICE_API_KEY and a specific runtime directory (/opt/threads-service-ts/threads-service) and local media path (/root/.openclaw/media), yet the registry metadata lists no required env vars or config paths. Those omissions are inconsistent and unexplained.
!
Instruction Scope
Instructions direct the agent to run CLI commands from a specific server directory and to use local files under /root/.openclaw/media, and to produce OAuth connect URLs for users. While these actions align with posting/connecting workflows, they expand the agent's scope into server-local files and credentials. The SKILL.md does not detail safeguards for handling secrets or limiting file access, creating scope creep risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which is lower-risk from an installation perspective (nothing is downloaded or written to disk by the skill package itself).
!
Credentials
The runtime instructions explicitly require THREADS_SERVICE_URL and THREADS_SERVICE_API_KEY (sensitive credentials) and expect OpenClaw to save local media under /root/.openclaw/media, but the skill declares no required environment variables or primary credential. Sensitive requirements should be declared in the registry and justified; the current omission is disproportionate and opaque.
Persistence & Privilege
The skill does not request always:true and does not claim persistent system changes. Model invocation remains allowed (default), which is normal; however, autonomous execution combined with the undeclared credentials would increase risk if allowed without user confirmation.
What to consider before installing
Before installing, confirm with the skill author or registry that THREADS_SERVICE_URL and THREADS_SERVICE_API_KEY are required and why; ask them to add those env/config requirements to the metadata. Do not grant the agent broad access to a production server root path (/root/.openclaw/media) or the /opt/threads-service-ts directory unless you control that environment. If you must use this skill, run it in a controlled/test environment, inspect the threadsctl binary and its configuration, and require explicit user confirmation for any publish action (avoid autonomous publishing). Consider limiting agent privileges or disabling autonomous invocation for this skill until the metadata and safeguards are clarified.

Like a lobster shell, security has layers — review code before you run it.

latestvk9754wwg8ey88pjba5app2wgk1856k2r
112downloads
0stars
3versions
Updated 1w ago
v1.0.2
MIT-0
Vladyslav Dobrodii@dladislav201
latest
Download

OpenClaw Threads via threadsctl

Use threadsctl as the default interface for Threads operations.

This skill is model-agnostic. It can be used with OpenAI Codex, Gemini, or another OpenClaw text provider. Optional image generation providers are separate from Threads publishing.

Prerequisites

  • threadsctl is installed and available in PATH
  • THREADS_SERVICE_URL and THREADS_SERVICE_API_KEY are configured for the CLI
  • At least one working OpenClaw text model is configured
  • Optional: an image generation provider such as Gemini if the user wants help creating images before posting
  • Run threadsctl from /opt/threads-service-ts/threads-service on the server where the service is deployed

Use when

  • The user wants to publish to Threads
  • The user wants to create, approve, or publish a draft
  • The user wants to connect a Threads account
  • The user wants to inspect accounts, stats, drafts, or published posts
  • The user would otherwise need raw curl or direct HTTP requests

Rules

  1. Prefer threadsctl over raw curl or manual HTTP requests.
  2. Support both workflows:
    • direct publish
    • draft-first
  3. If the user says "post now", use direct publish.
  4. If the user says "draft", "prepare", "queue", or wants review first, use draft flow.
  5. If the account is unclear, ask which account label or ID to use.
  6. Prefer account labels over raw account IDs when communicating with the user.
  7. Use --confirmed only when the user clearly intends immediate publishing.
  8. Show concise summaries of results and include IDs only when useful.
  9. If a command fails, surface the real error and explain the likely next step.
  10. If the user wants a new image created, handle image generation separately before publishing.
  11. Prefer --file for images generated locally by OpenClaw under /root/.openclaw/media/....
  12. Use --media-url only when the image is already hosted at a reachable public URL.
  13. Run threadsctl commands from default dir /opt/threads-service-ts/threads-service(if user run threadsctl service there) so the deployed wrapper and Docker setup are used.

Commands

Accounts

threadsctl accounts list
threadsctl accounts stats --account main-brand

OAuth

threadsctl auth connect-url --label main-brand

Drafts

threadsctl drafts list --account main-brand
threadsctl draft create --account main-brand --type text --text "Post content" --created-by "OpenClaw"
threadsctl draft create --account main-brand --type image --media-url "https://example.com/image.jpg" --text "Caption" --alt-text "Alt text" --created-by "OpenClaw"
threadsctl draft approve --id draft_xxx --approved-by "OpenClaw"
threadsctl draft publish --id draft_xxx --actor "OpenClaw"

Direct publish

cd /opt/threads-service-ts/threads-service
threadsctl publish text --account main-brand --text "Hello from Threads" --confirmed
threadsctl publish image --account main-brand --file "/root/.openclaw/media/tool-image-generation/image-1---real-file.jpg" --text "Caption" --alt-text "Alt text" --confirmed
threadsctl publish image --account main-brand --media-url "https://example.com/image.jpg" --text "Caption" --alt-text "Alt text" --confirmed

Published posts

threadsctl published list --account main-brand

Workflow

Direct publish

Use when the user clearly wants an immediate post.

Example:

cd /opt/threads-service-ts/threads-service
threadsctl publish text --account main-brand --text "Launching today" --confirmed

Draft-first

Use when the user wants review, approval, or preparation before posting.

Example:

threadsctl draft create --account main-brand --type text --text "Launching today" --created-by "OpenClaw"

Image generation plus publish

If the user wants a brand new image, first use the configured image generation provider. If OpenClaw saved the file locally under /root/.openclaw/media/..., publish it with --file.

Preferred publish step for local OpenClaw output:

cd /opt/threads-service-ts/threads-service
threadsctl publish image --account main-brand --file "/root/.openclaw/media/tool-image-generation/generated-image.jpg" --text "Launching today" --alt-text "Product launch image" --confirmed

Hosted-image fallback:

cd /opt/threads-service-ts/threads-service
threadsctl publish image --account main-brand --media-url "https://example.com/generated-image.jpg" --text "Launching today" --alt-text "Product launch image" --confirmed

Account connection

To connect a new Threads account:

  1. Run:
threadsctl auth connect-url --label client-two
  1. Return the generated URL to the user.
  2. Tell the user to open it in a browser and complete OAuth.

Do not

  • Do not use raw curl when threadsctl supports the action.
  • Do not invent account IDs.
  • Do not silently switch accounts.
  • Do not pass --confirmed unless immediate publishing is intended.
  • Do not hide command errors.
  • Do not assume an image generation provider is configured unless the environment actually supports it.
  • Do not pass local filesystem paths to --media-url.

Output style

Prefer short result summaries such as:

  • Published successfully from main-brand.
  • Draft created for second-brand.
  • Could not publish because confirmation was not provided.

Additional resources

Comments

Loading comments...