Skill v1.0.4

ClawScan security

Boring Social Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 27, 2026, 9:00 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requested credential (an MCP connector URL) and its runtime instructions are consistent with a cross-posting/publishing integration — no hidden or unrelated privileges are requested, but the connector URL is a powerful secret and media is rehosted to Boring's cloud so users should treat it carefully.
Guidance
This skill appears to do what it says, but before installing or connecting your accounts consider:
(1) The MCP link you paste is a bearer token — anyone with it can publish to your connected social accounts. Only paste it into a trusted agent and revoke/regenerate it if compromised.
(2) Any local files or external URLs you provide will be uploaded to Boring's Google Cloud Storage and stored for publishing — review their retention/privacy policies if your media is sensitive.
(3) Prefer testing on non-critical accounts first, and use the minimum set of connected accounts necessary.
(4) If you ever want to stop the skill from posting, remove the connector from your agent/Claude settings or revoke the token in Boring's dashboard.
(5) Because this is instruction-only (no install), the main risk is the connector token and the data you choose to upload — there is no hidden code being installed by the skill.

Review Dimensions

Purpose & Capability
ok: Name and description (cross-posting to multiple social networks) match the runtime instructions: listing accounts, uploading media, adapting text per platform, scheduling, and publishing. The single required input (MCP connector link containing an auth token) is appropriate for a third-party publishing service.
Instruction Scope
note: Instructions stay within publishing scope (list accounts, upload media, publish, schedule). They explicitly instruct uploading local files and re-hosting external URLs to Boring's Google Cloud Storage — this is expected for a publishing service but it does mean any local files the user provides will be transmitted to and stored by the vendor. The skill does not instruct reading unrelated local files or environment variables.
Install Mechanism
ok: No install spec or third-party packages are required (instruction-only). That minimizes on-disk code risk; there are no downloads or executable installs to review.
Credentials
note: No environment variables or unrelated credentials are requested. The single required artifact is the MCP connector URL (embedded auth token). That is proportionate for this purpose, but it is effectively a bearer token granting the skill access to publish on connected social accounts and should be treated like a password.
Persistence & Privilege
ok: always is false and the skill is user-invocable; it does not request persistent system-level privileges or to modify other skills. The main persistence concern is the connector token the user will store in the agent platform (Claude Connector) — not a property of the skill itself.