Skill v1.0.1
ClawScan security
Threads Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 27, 2026, 2:39 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requested credential (an MCP connector URL with an embedded token) and the runtime instructions align with its stated purpose of publishing to Threads, but the connector token is powerful and you should only provide it to a trusted service.
- Guidance: This skill appears coherent for its purpose, but before installing: (1) only paste the MCP Connector link if you trust boring.aiagent-me.com (the link embeds a token that can publish to any connected accounts; treat it like a password and revoke/regenerate if compromised); (2) understand that providing local files or Drive links will allow the agent to read those assets to attach to posts; (3) verify the third-party service (boring.aiagent-me.com / the GitHub repo) and its privacy/security practices before granting publish access; (4) prefer creating a minimally privileged connector or limiting which accounts are connected where possible; and (5) if you need higher assurance, test with an unprivileged or disposable account first.
Review Dimensions
- Purpose & Capability (ok): The skill claims to publish posts/threads to Threads and requires a single MCP Connector link that contains an embedded auth token granting publish access. That credential is directly relevant and expected for a third-party publishing bridge.
- Instruction Scope (note): Instructions are limited to listing accounts, uploading media, publishing posts/threads, and scheduling. They reference uploading local files (file_path) and passing Google Drive URLs; those are appropriate for a publisher but mean the agent may need user-provided files/links. The SKILL.md does not instruct reading unrelated local system files or environment variables.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing is written to disk or downloaded by the skill itself.
- Credentials (note): No local environment variables are requested. The single required artifact is an MCP Connector URL with an embedded token; it is proportionate to a publishing tool but is a high-privilege credential (can create posts, upload media, schedule posts across connected accounts). Treat it as sensitive.
- Persistence & Privilege (ok): The skill does not request always:true and does not declare any behavior that modifies other skills or system-wide settings. Autonomous invocation is allowed by default but is not combined with additional red flags here.
