ClawHub

SocialClaw CLI

v0.1.5

Use Social Flow as an agentic control plane for Meta operations via the installed `social` CLI and Gateway API. Ideal when the user asks for multi-step execu...

1· 590·2 current·3 all-time
byVishal@vishalgojha
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary ('social'), and the npm install (@vishalgojha/social-flow) align with a CLI wrapper for Meta operations. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines runtime actions to running the 'social' CLI (version/doctor, queries, and gated writes), proposing commands and asking for confirmation for writes. It does not instruct reading unrelated files or exfiltrating data, and it explicitly warns not to print secrets.
Install Mechanism
Install is via an npm package (@vishalgojha/social-flow) that provides the 'social' binary — expected for a CLI skill. npm packages can contain arbitrary code, so this is a standard but non-trivial trust surface; the SKILL.md points to a GitHub repo which allows manual review.
Credentials
The skill declares no required environment variables or credentials. It uses the social CLI which may itself require/configure tokens, but the skill does not request unrelated secrets or broad environment access.
Persistence & Privilege
always is false and the skill is user-invocable; the skill does not request permanent agent-wide privileges or modify other skills' configs. Autonomous invocation is allowed (platform default) and not combined with other red flags.
Assessment
This skill appears coherent for operating the Social Flow CLI, but installing an npm package gives code execution rights on the machine. Before installing/globally installing: (1) verify the npm package and linked GitHub repo and maintainer identity, (2) review the package source (or install in a container or sandbox), (3) prefer local or CI-based installs instead of global installs if you want less host exposure, (4) be cautious about granting the CLI any Meta/API credentials—use test or sandbox accounts first, and (5) ensure the skill always asks for explicit confirmation before any write/high-risk action (the SKILL.md says it will). If you need higher assurance, ask the maintainer for a signed release or audit the package contents prior to installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7azcjb56mb3thb9pezp28n82ak12

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binssocial

Install

Install Social Flow CLI (npm)
Bins: social
npm i -g @vishalgojha/social-flow

Comments