Skill v1.0.0
ClawScan security
ClawOS X Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 5:53 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's behavior (posting/replying on X) matches its description, but it omits any explicit credential/config requirements and has no source/homepage, so it's unclear what account tokens or CLI config it will use to operate.
- Guidance
- This skill will run xurl commands to post, reply, like, and retweet on X. Before installing or enabling it: 1) Confirm you have xurl installed and know which X account/profile it's authenticated to — the skill does not declare or request credentials, so it will use whatever xurl credentials exist on the host. 2) Prefer configuring a dedicated/test X account or token with limited privileges so accidental/misleading posts don't affect your main brand. 3) If you plan to allow autonomous agents to invoke skills, remember the agent could post without per-action confirmation; consider requiring manual approval or restricting model autonomy. 4) Because the skill has no homepage and an unknown source, review who published it and prefer skills with a verifiable repository or maintainer. If you need higher assurance, ask the publisher to document required auth/config paths and provide a verified source repository.
Review Dimensions
- Purpose & Capability
- note: The skill's name and description match the instructions: it automates posting, replying, liking, retweeting on X using the xurl CLI. However, it declares no required credentials or config paths even though any real posting requires authenticated X credentials or a configured xurl profile. That omission is plausible if the operator expects an already-authenticated xurl, but it's an important undocumented assumption.
- Instruction Scope
- ok: SKILL.md is narrowly scoped to X account operations via xurl (mentions, search, post, reply, like, retweet). It does not instruct the agent to read unrelated system files or external endpoints. Some parts are operationally vague (e.g., how to determine "unanswered" mentions), but this is within scope rather than scope creep.
- Install Mechanism
- ok: Instruction-only skill with no install spec or code files — it does not download or install binaries. Lowest install risk.
- Credentials
- concern: The skill requires zero declared env vars or config paths, yet to function it must use authenticated X credentials (via xurl CLI configuration or environment). The absence of explicit credential declarations or guidance about which config will be used is a mismatch — the agent may access whatever xurl credentials exist on the host (e.g., local CLI config or token files) without the user realizing which account will be controlled.
- Persistence & Privilege
- ok: The always setting is false and the skill does not request persistent installation or modify other skills. Note: disable-model-invocation is false (default), so an autonomous agent could invoke this skill to post on X if the agent is allowed to call skills — that is normal but worth acknowledging.
