ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

X Articles

v1.1.2

Publish viral X (Twitter) Articles with AI. Long-form content that gets engagement. Proven hook patterns, browser automation. Works with Claude, Cursor, OpenClaw.

6· 2.9k·7 current·7 all-time
byNext Frontier AI@nextfrontierbuilds
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (publish X Articles with browser automation) matches the included SKILL.md and the two helper scripts. The scripts call agent-browser, expect a local CDP-enabled browser, and use clipboard/file inputs — all coherent with publishing automation. The skill.json lists agent-browser as a dependency, which is expected.
Instruction Scope
SKILL.md instructs the agent to use agent-browser to navigate, paste content, upload images, snapshot the page, and optionally auto-click Publish. All instructions are narrowly scoped to preparing and publishing X Articles. They require a logged-in browser session and local clipboard access; there are no instructions to read unrelated system files, query cloud credentials, or send content to external endpoints beyond X via the browser.
Install Mechanism
There is no install spec (instruction-only + included scripts). No remote downloads or archive extraction are specified. The only external dependency is agent-browser (a CLI) and optionally pbcopy; the skill does not fetch arbitrary binaries from untrusted URLs.
Credentials
The skill declares no required environment variables or credentials. The scripts make limited use of a CDP_PORT env var (optional) to target a local browser and rely on the user being logged into X in that browser. This is proportionate to the task. Note: using local browser sessions means the automation will act with whatever account is logged in—ensure you intend that account to publish articles.
Persistence & Privilege
always:false and no claims of modifying other skills or agent-wide configs. The skill does not request persistent privileges or attempt to enable itself automatically. Autonomy (model invocation) is allowed by default but is not combined with broad credentials or always:true, so the privilege level is normal for an agent-invokable skill.
Assessment
This skill appears to do what it says: format content and drive a local browser to publish X Articles. Before installing, verify you trust the agent-browser CLI (install source and integrity) because the scripts will control a logged-in browser and can publish as that account. Run automation against a throwaway browser/profile if you want to test safely. Review the included publish-article.sh and format-for-x.sh to confirm there are no modifications you dislike (they only use agent-browser, pbcopy, and local file I/O). Note small inconsistencies (SKILL.md/skill.json version differences and no homepage listed) — check the git repository in skill.json if you want source provenance. Finally, the package uses the local clipboard (pbcopy on macOS) and snapshots to /tmp; ensure these behaviors are acceptable in your environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a6n7vkw4yt7ftkc24pspxxs80hy8c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments