ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Social Bot

v1.0.0

Reddit & X/Twitter auto-reply bot for ecommerce/SaaS growth. Finds relevant posts about AI customer service, Amazon FBA, Shopify — posts genuine AI-generated...

0· 173·1 current·1 all-time
by@mguozhen

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mguozhen/social-bot.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Social Bot" (mguozhen/social-bot) from ClawHub.
Skill page: https://clawhub.ai/mguozhen/social-bot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install social-bot

ClawHub CLI

Package manager switcher

npx clawhub@latest install social-bot
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The code and SKILL.md align with the declared purpose: automated replies on Reddit and X via browser automation and Claude (Anthropic). However the package/registry metadata claims no required env vars or install steps while SKILL.md and code require ANTHROPIC_API_KEY, the browse CLI, and provide install scripts—this metadata mismatch is an incoherence the user should notice.
!
Instruction Scope
Runtime instructions and code perform broad actions: control a local Chrome session via the browse CLI (including logging in via Google OAuth), scrape pages, post comments/replies, and send post content/snippets to Anthropic. These actions are consistent with purpose but have broader scope than a simple 'reply helper' (e.g., account warmup, LaunchAgent scheduling, dashboard web server). The SKILL.md also instructs running a remote install script (curl | bash), which grants arbitrary install-time discretion.
!
Install Mechanism
No formal install spec in registry, but SKILL.md tells users to run `curl .../install.sh | bash` from raw.githubusercontent.com. The repository includes install.sh/setup.sh and a macOS LaunchAgent registration step. Executing a remote install script (pipe-to-shell) is high-risk—inspect the script before running and prefer manual install steps or running in an isolated environment.
Credentials
The code only requires an ANTHROPIC_API_KEY (as used by bot/ai_engine.py) which is proportional to its use of Claude. However registry metadata did not declare this env var; the SKILL.md does. Also the browse CLI will use a real browser session (cookies, logged-in accounts) which gives the skill access to any accounts signed in to that browser profile—this is sensitive and should be isolated.
!
Persistence & Privilege
Although always:false, the install instructions advertise registering a macOS LaunchAgent to run daily and start a local dashboard (Flask). That creates persistent scheduled execution and an always-on web endpoint on localhost. This is expected for a bot but is a privilege escalation relative to a purely ephemeral skill install—inspect install.sh and be comfortable with background scheduled tasks before proceeding.
What to consider before installing
Key things to consider before installing: (1) Do NOT run the one-line `curl | bash` blindly — review install.sh and setup.sh contents first. (2) This tool requires your ANTHROPIC_API_KEY and will send scraped post content/snippets to Anthropic for reply generation; ensure you are comfortable with that data leaving your machine. (3) The bot controls a real browser session via the browse CLI; run it in a dedicated browser profile or VM so other logged-in accounts/cookies aren't accessible. (4) The installer may register a scheduled job and run a local web dashboard—check and approve those actions manually. (5) Automated posting/warmup can violate Reddit/X policies and risk account suspension; consider the policy and legal/ethical implications. (6) If you want to proceed, audit the GitHub repo and install scripts, run in an isolated environment (VM/container), and limit the Anthropic key's billing/permissions if possible.

Like a lobster shell, security has layers — review code before you run it.

latestvk9725cnaxnzvpwpese0xwazzks838gs8
173downloads
0stars
1versions
Updated 20h ago
v1.0.0
MIT-0
@mguozhen
latest
Download

Social Reply Bot

Automatically finds and replies to relevant Reddit and X/Twitter posts about ecommerce, Amazon FBA, and AI customer service. Also builds Reddit account karma and tracks potential customer leads.

Commands

social reply bot                  # run both platforms
social reply bot x only           # X/Twitter only
social reply bot reddit only      # Reddit only
social reply bot warmup           # build Reddit karma (8 comments)
social reply bot warmup 15        # warmup with custom target
social reply bot leads            # show potential customers found
social reply bot stats            # today's stats
social reply bot dashboard        # open web dashboard

Setup

curl -fsSL https://raw.githubusercontent.com/mguozhen/social-bot/main/install.sh | bash

Requirements

  • browse CLI: npm install -g @browserbasehq/browse-cli
  • Log in to Reddit and X in the browse-controlled Chrome window
  • ANTHROPIC_API_KEY in .env

Features

Daily Reply Bot

  • Searches subreddits and X for posts matching your product keywords
  • Claude generates genuine, on-topic replies (not spam)
  • Browser automation — no Reddit/X API key needed
  • SQLite deduplication — never replies to the same post twice

Reddit Warmup (karma building)

  • Visits low-moderation subreddits (r/karma, r/CasualConversation, r/self)
  • Claude Haiku generates authentic short comments (no product mentions)
  • Natural delays between posts (90–180s)
  • Builds Comment Karma to unlock restricted subreddits

Lead Tracking

  • Every replied post analyzed by Claude for customer potential
  • Scored 1–10 with urgency level
  • Extracts business type and pain points
  • View with: social reply bot leads

Configuration

Edit ~/social-bot/config.json to set your subreddits, X search queries, product descriptions, and daily targets.

Comments

Loading comments...