Larry — Autonomous TikTok Slideshow Agent
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: larry-tiktok-agent
Version: 1.0.0
The skill is classified as suspicious primarily due to the storage of sensitive credentials in plain text within `config.json`. Specifically, `postiz_email` and `postiz_password` are stored unencrypted, which is a significant security vulnerability. While the skill uses these credentials for its stated purpose (interacting with the Postiz API) and does not exhibit intentional malicious behavior like exfiltration to unauthorized endpoints, this insecure storage method makes the credentials vulnerable to compromise if the host system is breached. Additionally, the `research.py` script executes an external `claude` CLI tool via `subprocess.run`, introducing a dependency risk, though the argument passing method mitigates direct shell injection from the prompt string itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone receiving the skill package could read or attempt to use these credentials, and the skill may run against unintended NVIDIA/Postiz accounts.
The distributed active config contains real-looking API keys and login credentials rather than only placeholders.
"nvidia_api_key": "nvapi-[redacted]", "postiz_api_key": "[redacted]", "postiz_email": "alexander@[redacted]", "postiz_password": "[redacted]"
Remove config.json from the distributed package, rotate all exposed keys/passwords, ship only config.example.json, and require user-supplied local config or environment variables.
A compromised or mishandled config could expose full Postiz account access, not just permission to create a single draft.
The Postiz integration logs in with a full account email/password to obtain an auth cookie, which is broader and more sensitive than a scoped posting token.
json={"email": config.get("postiz_email", ""), "password": config.get("postiz_password", ""), "provider": "LOCAL"}
Use a scoped API token/OAuth flow where possible, clearly declare the credential requirement, and avoid storing account passwords in the skill directory.
If a user runs or partially edits the included config, generated TikTok drafts may promote destinations that are not the user's own affiliate articles.
The bundled active configuration points generated content at specific existing sites and affiliate-style tags instead of neutral placeholders.
"site_url": "https://saunamagie.de", "amazon_tag": "ak1337-snm-21" ... "site_url": "https://golfmagie.de", "amazon_tag": "ak1337-gm-21"
Distribute only placeholder portal entries, make the skill fail closed until the user supplies their own site/account values, and clearly label any example domains as examples.
The skill may unexpectedly use the user's Claude account or fail in environments without the CLI, and topic/site details may be sent through an undocumented provider path.
The code invokes an undeclared local Claude CLI dependency, likely relying on the user's local Claude session/account, even though the documented requirements focus on NVIDIA and Postiz.
Generates hooks + slide concepts via Claude CLI (no API key needed) ... subprocess.run(["claude", "-p", prompt], capture_output=True, text=True, timeout=30)
Declare the Claude CLI as a required binary/credential if used, document what data is sent, or replace it with an explicitly configured provider call.
This is purpose-aligned, but it mutates a social-posting workspace and could create unwanted drafts if run with the wrong portal/account.
Non-dry-run mode uploads generated images and creates a Postiz/TikTok carousel draft under the configured account.
"type": "carousel", "content": caption, "media": [{"id": mid} for mid in media_ids], "settings": {"account": account_id, "status": "draft"}
Use dry-run first, verify the configured account and destination URLs, and review each draft in Postiz before publishing.
Local log contents can bias future content generation if they are stale, incorrect, or manually altered.
Past performance logs are reused to influence future hook generation.
log_file = LARRY_DIR / "logs" / "performance.json" ... return [p["hook"] for p in portal_posts[:5]]
Keep performance logs local, inspect them periodically, and reset or edit them if future generated hooks become inappropriate.
