Skill v1.0.0

ClawScan security

Boring Social Media Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 28, 2026, 7:18 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's declared needs (a single MCP connector URL containing an embedded auth token) match its social-posting purpose, but the runtime instructions allow uploading local files and rely on a single opaque token that grants publish rights — this creates a plausible exfiltration/publish risk and some unanswered trust questions about the third-party service.
Guidance
This skill is internally coherent for cross-posting, but it relies on a single MCP connector URL that contains an embedded auth token with publish rights. Before installing or pasting that link into your agent: (1) Verify you trust boring.aiagent-me.com (review privacy, security, and the project's source code/maintainer). (2) Confirm the token's exact scopes in the Boring dashboard and revoke/regenerate it if unsure. (3) Be cautious about granting the agent access to local files — the skill explicitly supports uploading local files, which could be used to exfiltrate sensitive files if the agent/platform has broad filesystem access. (4) Prefer using per-platform official integrations where possible and limit autonomous invocation or audit agent actions/logs if you keep this skill. If you want a stronger assessment, provide the MCP connector handler implementation or the service's documented token scopes and privacy/security documentation.

Review Dimensions

Purpose & Capability
ok · Name/description align with the requirements: a social-publishing service legitimately needs a connector URL (an API token) to publish to multiple platforms. There are no unrelated env vars, binaries, or installs listed.
Instruction Scope
concern · SKILL.md instructs the agent to upload local files (boring_upload_file with file_path) and to re-host external URLs. It does not limit or describe what 'local files' means or how file access is authorized, which could allow the agent to read and upload arbitrary user files if the agent platform grants file-system access. The instructions also direct all publish actions through the third-party MCP endpoint (boring.aiagent-me.com) which holds an embedded token that can create posts across connected accounts.
Install Mechanism
ok · Instruction-only skill with no install step or external downloads — low installation risk. Nothing is written to disk by the skill itself (no install spec).
Credentials
note · No environment variables or multiple credentials are requested; instead the skill requires a single MCP connector URL that contains an embedded auth token. That is proportionate for posting, but this single opaque credential is highly privileged (can publish and upload media to all connected accounts) and must be treated like a password. The SKILL.md asserts limited token scope, but that claim cannot be verified from the instructions alone.
Persistence & Privilege
ok · always: false and default autonomous invocation are used (normal). The skill does not request permanent presence or claim to modify other skills/config. The main privilege risk arises from the MCP token's capabilities rather than the skill's platform privileges.