AdaptlyPost
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: adaptlypost Version: 1.0.5 The adaptlypost skill bundle is a well-documented integration for a social media management SaaS. It includes comprehensive safety instructions for the AI agent in SKILL.md, explicitly requiring user confirmation for all public actions (posting) and sensitive operations (file uploads). The skill uses standard curl commands to interact with its API (https://post.adaptlypost.com) and provides clear warnings about the public nature of uploaded media URLs, demonstrating transparency rather than malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent can publish or schedule content on connected social accounts, and mistakes may be visible publicly.
The skill can create public social media posts and upload media through API calls. This is central to the stated purpose, and the artifact explicitly warns that these are high-impact actions.
Posts are **public, attributable, and hard to fully retract**. Treat every `POST /social-posts` and `POST /upload-urls` as a high-impact action.
Use the skill only with deliberate per-post approval, review the exact text, platforms, account names, timing, visibility settings, and prefer drafts for sensitive or first-time use.
A token with access to many accounts could allow broad posting or account listing through AdaptlyPost if misused.
The API key grants delegated access to connected social accounts. The artifact mitigates this by recommending a dedicated revocable token and limiting connected accounts.
generate a **dedicated, revocable** API token for this agent... Connect only the social accounts the agent actually needs. The token has delegated access to every account in the group
Create a separate AdaptlyPost API token for this agent, connect only the needed accounts, and revoke or rotate the token when no longer needed.
A wrong account, typo, or visibility setting could be repeated across multiple scheduled posts if bulk actions are approved carelessly.
Bulk scheduling can amplify a mistake across many queued posts. The artifact recognizes this risk and instructs the agent to obtain explicit batch consent and start with a small batch.
Never batch without explicit batch consent. If the user asks to schedule many posts in a row, ask them to confirm a **small first batch** (e.g. 1–3 posts) before scheduling the rest.
Approve small batches first, verify results in AdaptlyPost, and only then authorize larger scheduling runs.