Multi-Channel Engagement Agent
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a disclosed social-media posting bot, but it needs powerful account and wallet credentials, can post publicly without a review gate, and uses risky shell-based helper execution.
Install only if you are comfortable with an agent posting publicly from your accounts. Use dedicated bot accounts, least-privilege tokens, a low-balance Farcaster wallet, and a local dry-run/approval workflow. Review or pin the farcaster-agent dependency before giving it private keys, and avoid storing main account credentials in plain config files.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could publish unwanted, low-quality, reputationally harmful, or policy-violating posts from the user’s accounts.
The skill is designed to automatically generate and publish public replies from the user's social accounts. The visible workflow does not show a required human approval step before posting.
Autonomous engagement bot for **Twitter**, **Farcaster**, and **Moltbook**. Fetches trending content, generates persona-driven contextual replies... ### Step 5: Post Reply ... await client.v2.reply(replyText, originalTweetId);
Use a dry-run or preview mode by default, require explicit approval for each post, set strict per-platform limits, and test only with dedicated bot accounts.
Compromise or misuse of these credentials could let someone post as the user or use Farcaster wallet/signing authority.
The sample config requires read/write social credentials and Farcaster private keys. These are powerful account/wallet authorities, yet the registry metadata declares no primary credential or required env vars.
"oauth": { "consumerKey": "YOUR_CONSUMER_KEY", "consumerSecret": "YOUR_CONSUMER_SECRET", "accessToken": "YOUR_ACCESS_TOKEN", "accessTokenSecret": "YOUR_ACCESS_TOKEN_SECRET" }, ... "signerPrivateKey": "YOUR_SIGNER_PRIVATE_KEY_HEX_NO_0X", "custodyPrivateKey": "0xYOUR_CUSTODY_PRIVATE_KEY"
Use least-privilege tokens, dedicated bot accounts, a low-balance Farcaster wallet, secure local secret storage, and registry metadata that clearly declares all credential requirements.
A crafted config value, helper path, or unexpected generated text could lead to unintended local command execution or exposure of private keys in command-line context.
The code builds a shell command using credential values and generated reply text, then executes it through PowerShell. Only double quotes in replyText are escaped, leaving avoidable command-construction risk.
const envStr = Object.entries(env).map(([k, v]) => `$env:${k}=\"${v}\"`).join('; ');
const cmd = `${envStr}; node skills/farcaster-agent/src/post-cast.js \"${replyText.replace(/\"/g, '\\\"')}\"`;
const output = execSync(cmd, { encoding: 'utf8', shell: 'powershell.exe' });
Avoid shell execution. Use execFile/spawn with an argument array and an env object, validate all inputs, avoid putting private keys in command strings, and call Farcaster APIs through a scoped library if possible.
Users may hand high-value wallet credentials to external helper code that is not included in this artifact set or pinned by this skill.
The skill depends on a separate farcaster-agent helper and instructs users to run it with a private key. The supplied install spec is empty and does not pin or document dependency versions.
clawhub install farcaster-agent
PRIVATE_KEY=0x... node src/auto-setup.js "Your first cast"
Pin and declare all dependencies, include a reviewed lockfile/install spec, document the exact helper version, and have users review the external skill before providing private keys.
Automating verification challenges may violate platform expectations or anti-spam controls and can increase the chance of account restrictions.
The skill explicitly automates Moltbook’s posting verification challenge as part of social posting.
**Verification:** Posts require solving math captcha (automated in this skill)
Confirm platform permission for automated verification, make this feature opt-in, document the risk clearly, and disable automated challenge solving unless the user explicitly approves it.
