Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tootbot
v0.5.0
Publish content to Mastodon. Use when you need to post a Mastodon status.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The SKILL.md and README clearly state that this is a Mastodon publisher that requires the bun runtime and two env vars (MASTODON_URL, MASTODON_ACCESS_TOKEN). The skill registry metadata (requirements section), however, lists no required binaries or env vars. That mismatch is incoherent: a Mastodon publisher legitimately needs the access token and a runtime (bun).
Instruction Scope
Runtime instructions are narrowly scoped to posting statuses and attaching media files (reading the files referenced by the 'media.file' paths). However, the bundled script is minified/obfuscated, so its actual runtime behavior is hard to verify; it could read additional files or environment variables beyond what is documented. The SKILL.md itself does not instruct reading unrelated system files, but the included code could.
Install Mechanism
There is no install specification (instruction-only), but a 496 KB bundled/minified script is included and intended to be executed with bun. Shipping a large minified script with no source mapping makes manual review difficult and increases risk because arbitrary logic will be executed when run.
Credentials
The documented runtime requires MASTODON_URL and MASTODON_ACCESS_TOKEN (sensitive credentials) but the declared registry requirements list none. This is a concrete mismatch: the skill asks for sensitive credentials without declaring them. Users should treat any request for an access token as high-sensitivity and verify scope and origin first.
Persistence & Privilege
The skill does not request always:true and does not declare persistent installation behavior. The agent is allowed to invoke the skill autonomously (platform default). Combined with the presence of sensitive credentials and an opaque script, autonomous invocation would increase potential impact if the script misbehaves.
What to consider before installing
Do not install or run this skill blindly. Specific things to check before using it:
- Verify the source and publisher: the registry metadata lists no homepage and the owner id is unfamiliar.
- Expect to provide MASTODON_URL and MASTODON_ACCESS_TOKEN; only do so if you trust the skill and have verified the script.
- Inspect the full scripts/tootbot.js in a safe environment (or ask the author for readable source). The file is large and minified — consider requesting an unminified repository reference or source review.
- Validate the access token's scope (create a token with minimal scope needed for posting) and consider using a throwaway/test account first.
- Run the script in an isolated container or sandbox and monitor network calls (to confirm it only talks to the configured Mastodon instance).
- If you cannot review the code or verify provenance, treat this skill as untrusted and avoid supplying your real Mastodon access token.
Like a lobster shell, security has layers — review code before you run it.
latest · vk970gxnjfzp8v9w9cx7xqp9a5x800mx6
Runtime requirements
🐘 Clawdis
