OpenClaw Social Post

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This skill is for social posting, but its artifacts show risky behavior: it can make unexpected Twitter posts during tier detection, helps evade duplicate-content checks, and passes Farcaster private keys into external code.

Review and patch the tier-detection code before use, avoid the duplicate-detection bypass feature, and only use dedicated social accounts and a low-balance Farcaster wallet. Verify the external farcaster-agent dependency and confirm which account will post before allowing any real posting.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user could get an unexpected public tweet and API charge just from account-tier detection or validation.

Why it was flagged

A comment in the code labels this step a dry run, but the code still sends a POST to Twitter's tweet-creation endpoint (https://api.twitter.com/2/tweets). If that probe request succeeds, it publishes a 281-character test tweet, and incurs whatever the account is billed for it, without a separate user confirmation.

Skill content
test_url = "https://api.twitter.com/2/tweets" ... # Dry run - don't actually post ... test_response = requests.post(test_url, auth=auth, json=test_payload)
Recommendation

Remove the posting-based fallback, use a non-mutating API check if available, or require explicit confirmation before any POST request that can publish content.
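One way to apply that recommendation, as an added example (not the skill's code and not ClawScan's): every mutating request goes through a gate that really sends nothing in dry-run mode and otherwise demands an explicit confirmation callback. The `transport` seam, the `refuse` default and the "201 means paid tier" mapping are assumptions made here so the gate can be exercised offline; the endpoint and the 281-character probe are taken from the finding.

```python
"""Confirmation gate for the tier-detection pattern flagged above.

Added example, not code from the skill or from ClawScan. `transport` is an
assumed seam, (method, url, json) -> (status, body); in a real deployment it
would wrap requests.Session.request. Here it lets the gate run offline.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional

MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
TWEET_CREATE_URL = "https://api.twitter.com/2/tweets"   # endpoint from the skill content


class PostRefused(RuntimeError):
    """Raised when a mutating request is attempted without confirmation."""


def refuse(method: str, url: str, json: Optional[dict]) -> bool:
    """Default confirmation hook: never confirm. Callers must opt in explicitly."""
    return False


@dataclass
class GuardedClient:
    transport: Callable[[str, str, Optional[dict]], tuple]
    dry_run: bool = True                       # a dry run sends nothing, ever
    confirm: Callable[[str, str, Optional[dict]], bool] = refuse
    sent: list = field(default_factory=list)   # every request that reached the transport

    def request(self, method: str, url: str, json: Optional[dict] = None) -> tuple:
        method = method.upper()
        if method in MUTATING_METHODS:
            if self.dry_run:
                # Unlike the skill's "# Dry run" comment, this branch really
                # does not call the API: it only reports what would be sent.
                return 0, {"dry_run": True, "method": method, "url": url, "json": json}
            if not self.confirm(method, url, json):
                raise PostRefused(f"{method} {url} requires explicit confirmation")
        self.sent.append((method, url, json))
        return self.transport(method, url, json)


def detect_tier(client: GuardedClient) -> Optional[str]:
    """The skill's probe (a 281-character tweet that only a paid tier accepts),
    routed through the gate. Returns None when nothing was sent.
    The 201 -> "paid" mapping is an assumption about the probe, not verified
    against the API."""
    probe = {"text": "x" * 281}
    status, _body = client.request("POST", TWEET_CREATE_URL, json=probe)
    if status == 0:
        return None
    return "paid" if status == 201 else "free"


if __name__ == "__main__":
    def fake_transport(method, url, json):      # constructed stand-in for the network
        return 201, {"data": {"id": "0"}}

    print(detect_tier(GuardedClient(fake_transport)))          # dry run: None, nothing sent
    try:
        detect_tier(GuardedClient(fake_transport, dry_run=False))
    except PostRefused as exc:
        print("refused:", exc)
```

Read-only calls (GET) pass the gate untouched, so a tier check built on a non-mutating endpoint, if one is available, needs no confirmation at all; only the publish path is gated.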

What this means

Using this feature could facilitate spam-like posting patterns or violate platform rules.

Why it was flagged

The auto-variation feature is explicitly positioned as evading platform duplicate-content enforcement, especially across multiple accounts.

Skill content
- Bypass Twitter's anti-spam duplicate content blocker
Recommendation

Do not use auto-variation to evade platform enforcement; limit automation to user-reviewed, policy-compliant posts.

What this means

If the external farcaster-agent repo is missing, changed, or compromised, the user's Farcaster wallet/signer keys could be exposed or misused.

Why it was flagged

Farcaster posting depends on an external repo outside this skill's provided file manifest, and raw Farcaster private keys are passed into that external code path.

Skill content
FARCASTER_REPO="/home/phan_harry/.openclaw/workspace/skills/farcaster-agent/repo" ... PRIVATE_KEY="$private_key" SIGNER_PRIVATE_KEY="$signer_key" FID="$fid" npm run cast "$text"
Recommendation

Vendor or pin the dependency, declare node/npm and the external dependency explicitly, and avoid passing raw private keys to unreviewed code.
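A concrete form of "pin the dependency", as an added example that is not the skill's code: the skill author records a content digest of the farcaster-agent checkout once, and the cast wrapper refuses to hand PRIVATE_KEY and SIGNER_PRIVATE_KEY to that checkout unless the digest still matches, so a missing, changed or replaced repo stops the run before any key leaves the process. The digest scheme, the skipped directories, the minimal environment and the `run` seam are assumptions made here; the variable names and the `npm run cast` invocation follow the skill content.

```python
"""Pin check for the external farcaster-agent checkout, for the finding above.

Added example, not the skill's code. Treats the external repo as a vendored
dependency with a recorded content digest. The digest scheme, SKIP_DIRS, the
environment whitelist and the `run` seam are assumptions of this example.
"""
import hashlib
import os
import subprocess
from pathlib import Path
from typing import Callable

SKIP_DIRS = {".git", "node_modules"}   # assumption: pin the sources, not installed modules


class DependencyMismatch(RuntimeError):
    """The checkout is missing or differs from the pin; keys must not be passed in."""


def tree_digest(root: Path) -> str:
    """SHA-256 over sorted (relative path, file bytes) pairs, each length-prefixed
    so that bytes cannot be shifted between a name and a body without changing
    the digest."""
    root = Path(root)
    h = hashlib.sha256()
    files = [p for p in root.rglob("*")
             if p.is_file() and not SKIP_DIRS.intersection(p.relative_to(root).parts)]
    for p in sorted(files, key=lambda q: q.relative_to(root).as_posix()):
        rel = p.relative_to(root).as_posix().encode()
        data = p.read_bytes()
        h.update(len(rel).to_bytes(4, "big") + rel)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()


def verify_pinned(root: Path, expected: str) -> str:
    """Return the digest if it matches the pin; raise otherwise (also when the
    checkout does not exist at all)."""
    root = Path(root)
    if not root.is_dir():
        raise DependencyMismatch(f"{root}: checkout is missing")
    actual = tree_digest(root)
    if actual != expected:
        raise DependencyMismatch(f"{root}: pinned {expected[:12]}..., found {actual[:12]}...")
    return actual


def cast(root: Path, expected: str, text: str, private_key: str, signer_key: str,
         fid: str, run: Callable = subprocess.run):
    """Equivalent of the skill's `PRIVATE_KEY=... npm run cast "$text"`, but only
    after the pin check, and with a minimal environment rather than the whole
    parent environment."""
    verify_pinned(root, expected)
    env = {
        "PATH": os.environ.get("PATH", ""),
        "PRIVATE_KEY": private_key,
        "SIGNER_PRIVATE_KEY": signer_key,
        "FID": str(fid),
    }
    # `--` tells npm to pass the text through to the script rather than parse it.
    return run(["npm", "run", "cast", "--", text], cwd=str(root), env=env, check=True)
```

The pinned digest belongs next to the skill's own files (for instance in its metadata), and refreshing it should be a deliberate step taken after reviewing the new checkout, which is what makes the check a pin rather than a checksum of whatever happens to be on disk.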

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse
What this means

A post intended for one configured account could be sent from the default account instead.

Why it was flagged

The implementation appears hardcoded for one named secondary account (oxdasx) and otherwise falls back to the default account (mr_crtee), even though the documentation describes arbitrary custom account prefixes. Any account name other than the hardcoded one therefore posts as the default.

Skill content
if [ "$TWITTER_ACCOUNT" = "oxdasx" ]; then ... else
    # Default to mr_crtee
    export X_CONSUMER_KEY="${X_CONSUMER_KEY}"
Recommendation

Reject unknown account names or implement generic prefix-based credential lookup exactly as documented, with the selected account shown before posting.
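The generic lookup the recommendation asks for, as an added example rather than the skill's code: an account name either resolves to a complete, prefixed credential set or the run stops, and the unprefixed default variables are never consulted. The `<ACCOUNT>_X_CONSUMER_KEY` naming scheme is an assumption standing in for whatever prefix scheme the skill's documentation describes, and the handle pattern is an assumption as well.

```python
"""Account selection with no silent default, for the finding above.

Added example, not the skill's code. The credential naming scheme
<ACCOUNT>_X_<NAME> is an assumption; the four credential names mirror the
X_CONSUMER_KEY style seen in the skill content.
"""
import os
import re
from typing import Mapping, Optional

HANDLE_RE = re.compile(r"[A-Za-z0-9_]{1,15}")          # assumption: X handle charset/length
REQUIRED = ("CONSUMER_KEY", "CONSUMER_SECRET", "ACCESS_TOKEN", "ACCESS_TOKEN_SECRET")


class UnknownAccount(ValueError):
    """The requested account has no complete credential set; never fall back."""


def resolve_account(account: Optional[str], env: Optional[Mapping[str, str]] = None) -> dict:
    """Return {'account': name, 'credentials': {...}} or raise UnknownAccount.

    Unprefixed variables such as X_CONSUMER_KEY (the skill's default branch) are
    deliberately not consulted, so a typo or an unconfigured name cannot route a
    post to the default account.
    """
    env = os.environ if env is None else env
    if not account or not HANDLE_RE.fullmatch(account):
        raise UnknownAccount(f"invalid or missing account name: {account!r}")
    prefix = f"{account.upper()}_X_"
    missing = [prefix + k for k in REQUIRED if not env.get(prefix + k)]
    if missing:
        raise UnknownAccount(f"no credential set for @{account}; missing {', '.join(missing)}")
    return {"account": account, "credentials": {k: env[prefix + k] for k in REQUIRED}}


def selection_banner(selected: dict) -> str:
    """Shown to the user before any POST, so the sending account is visible.
    Only the tail of the consumer key is echoed, never the secrets."""
    key = selected["credentials"]["CONSUMER_KEY"]
    return f"Posting as @{selected['account']} (consumer key ...{key[-4:]})"


if __name__ == "__main__":
    # Constructed environment: one fully configured account plus the skill's
    # unprefixed default variable, which the resolver ignores.
    demo_env = {f"OXDASX_X_{k}": f"oxdasx-{k.lower()}" for k in REQUIRED}
    demo_env["X_CONSUMER_KEY"] = "default-account-key"
    print(selection_banner(resolve_account("oxdasx", demo_env)))
    try:
        resolve_account("mr_crtee", demo_env)
    except UnknownAccount as exc:
        print("refused:", exc)
```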

What this means

Images attached to Farcaster posts leave the local machine and may become publicly accessible through third-party hosting.

Why it was flagged

Selected Farcaster images are uploaded to third-party public file hosts (catbox.moe, with uguu.se as a fallback) before the cast is sent, so the image is handled by a host the user did not choose and is reachable by anyone who has the resulting URL.

Skill content
curl -s -F "reqtype=fileupload" -F "fileToUpload=@$image_path" https://catbox.moe/user/api.php ... response=$(curl -s -F "files[]=@$image_path" https://uguu.se/upload.php
Recommendation

Only upload non-sensitive images and make the third-party hosting behavior clear before posting.

What this means

Account tier metadata persists locally between runs.

Why it was flagged

The skill stores account tier detection results in a persistent OpenClaw memory file for 24 hours.

Skill content
TIER_CACHE_FILE="/home/phan_harry/.openclaw/workspace/memory/twitter-account-tiers.json" ... TIER_CACHE_HOURS=24
Recommendation

Keep the cache scoped to non-sensitive tier metadata and provide a clear way to clear or refresh it.