ClawHub

Viral Thread Writer

v1.0.1

Turns a single idea, article, or URL into a high-engagement Twitter/X thread with a hook, numbered tweets, and a strong CTA.

0· 101·0 current·0 all-time
by@tetsuakira-vk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Viral Thread Writer) align with the SKILL.md and README: the skill transforms input ideas, pasted articles, or URLs into 5–10 tweet threads. It does not request unrelated credentials, binaries, or filesystem paths.
Instruction Scope
Runtime instructions are narrowly scoped to rewriting user-provided text into a thread format. The SKILL.md explicitly states the agent cannot browse the web and instructs the user to paste article text for URL inputs. It does not instruct the agent to read system files, environment variables, or send data to third-party endpoints.
Install Mechanism
The skill is instruction-only and contains no install spec or code files (low risk). The README mentions installation via `npx clawhub install`, which implies running a remote installer if you follow that path — users should be aware that running npx will execute remote code from the registry and requires Node.js. The skill package itself (as provided) does not include a download URL or extracted artifacts.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md does not access secrets or other env vars. No disproportionate secret access is requested.
Persistence & Privilege
The skill is not forced-always (always: false). It does not request persistent system-wide privileges or modify other skills' configs. Autonomous invocation is allowed by default but is normal for skills and is not combined with other concerning flags.
Assessment
This skill appears internally consistent and low-risk: it only transforms user-supplied text into formatted X threads and asks for no secrets. Before installing, consider: 1) Do not paste private or sensitive content (the skill expects pasted article text and will output whatever you provide). 2) The README suggests installing via `npx clawhub install` — running npx executes remote code, so only run that if you trust the source (and ensure you trust the ClawHub publisher). 3) The Pro upgrade link is an external payment page; it is unrelated to the skill's runtime behavior but will involve a third-party vendor. If you need the skill to fetch web pages automatically, note the SKILL.md explicitly forbids browsing and requires you to paste article text — automatic URL fetching is not implemented. Overall this looks coherent for its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eewgex6hjqczzw9bf81w0t583nhnx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments