v1.0.1

Social Publisher

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:13 AM.

Analysis

The skill appears mainly to format and simulate social posts, but it asks for powerful social-media credentials while advertising real multi-platform publishing that its own artifacts show is unfinished.

Guidance

Use this only as a formatter/simulator unless you independently verify a real publishing implementation. Do not add real WeChat, Xiaohongshu, Zhihu, or Douyin tokens yet; if you later choose to, use least-privileged test credentials, specify target platforms explicitly, preview first, and revoke unused tokens.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Multi-platform publishing: one-click publish to WeChat Official Accounts, Xiaohongshu, Zhihu, Douyin ... ### Real publishing mode ... Roadmap
- [ ] WeChat Official Account real API implementation
- [ ] Xiaohongshu real API implementation
- [ ] Zhihu real API implementation
- [ ] Douyin real API implementation

The same documentation markets real one-click publishing and a real-publish mode, but later states that real API implementations for all listed platforms are still unfinished.

User impact: A user may install the skill or provide credentials expecting real publishing, even though the artifacts indicate the current implementation is only simulation/formatting.
Recommendation: Treat this as a formatter/simulator until the real API implementation is clearly present and reviewed; the publisher should remove or clearly qualify real-publishing claims.
Tool Misuse and Exploitation
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
`--platforms/-p`: target platforms, comma-separated (default: wechat,xiaohongshu,zhihu,douyin) ... `social-publisher publish --title "Title" --content "Body"`

The documented publish workflow is user-directed, but its default target set includes all four platforms, which would be broad for public posting if real API publishing is enabled.

User impact: A mistaken or agent-triggered publish command could affect multiple public channels at once in a real-publishing version.
Recommendation: Use preview/dry-run first, specify exact platforms explicitly, and require a separate confirmation step before any real public posting.
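The separate confirmation step recommended above, as an added example that is not code from the skill or from ClawScan: a small argparse front end for the documented `social-publisher publish` command that has no default platform list, previews unless `--real` is given, and refuses a real post unless `--confirm` repeats the exact platform list. The `--real` and `--confirm` flags, the function names, and returning a plan instead of posting are assumptions for illustration.

```python
import argparse
from typing import Dict, List

# Platforms named in the skill's documentation; deliberately not a default set.
KNOWN_PLATFORMS = ("wechat", "xiaohongshu", "zhihu", "douyin")


def parse_platforms(value: str) -> List[str]:
    """Validate a comma-separated platform list: reject empty or unknown names,
    drop duplicates, keep the order the user wrote."""
    names = [p.strip().lower() for p in value.split(",") if p.strip()]
    if not names:
        raise ValueError("name at least one platform explicitly")
    unknown = sorted(set(names) - set(KNOWN_PLATFORMS))
    if unknown:
        raise ValueError("unknown platform(s): " + ", ".join(unknown))
    return list(dict.fromkeys(names))


def plan_publish(title: str, content: str, platforms: List[str],
                 real: bool = False, confirm: str = "") -> Dict[str, object]:
    """Return what the command would do instead of doing it.

    Preview is the default.  A real post additionally needs ``confirm`` to
    repeat the exact platform list, so one extra flag (for example one an
    agent appends on its own) is not enough to go live.
    """
    plan = {"platforms": platforms, "title": title, "chars": len(content)}
    if not real:
        return {"mode": "preview", **plan}
    expected = ",".join(platforms)
    if confirm != expected:
        raise PermissionError(
            "real publishing to %s requires --confirm %s" % (expected, expected))
    return {"mode": "publish", **plan}


def build_parser() -> argparse.ArgumentParser:
    parser = argparse.ArgumentParser(prog="social-publisher")
    sub = parser.add_subparsers(dest="cmd", required=True)
    pub = sub.add_parser("publish")
    pub.add_argument("--title", required=True)
    pub.add_argument("--content", required=True)
    # required=True replaces the documented default of all four platforms.
    pub.add_argument("-p", "--platforms", required=True, type=parse_platforms)
    pub.add_argument("--real", action="store_true",
                     help="actually post (default: preview only)")
    pub.add_argument("--confirm", default="",
                     help="repeat the platform list to allow a real post")
    return parser


def run(argv: List[str]) -> Dict[str, object]:
    """Parse argv and return the resulting plan; raises PermissionError when a
    real post was requested without a matching --confirm."""
    args = build_parser().parse_args(argv)
    return plan_publish(args.title, args.content, args.platforms,
                        args.real, args.confirm)


if __name__ == "__main__":
    print(run(["publish", "--title", "Title", "--content", "Body", "-p", "zhihu"]))
```

Making `--confirm` repeat the platform list, rather than a bare `--yes`, is the point of the design: the confirmation carries the blast radius in it, so a reviewer or an agent transcript shows exactly which public channels were authorized.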
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none ... Install specifications: No install spec — this is an instruction-only skill ... Code file presence: 1 code file(s): social_publisher.py

The skill includes a Python CLI file but provides no source homepage or install specification showing how the advertised command is installed or invoked.

User impact: Users have less provenance and setup clarity than they would with a declared source and install path.
Recommendation: Review the included code and command wiring before use, and prefer skills with clear source provenance and installation metadata.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
social_publisher.py
CONFIG_PATHS = [Path.home() / ".openclaw" / "secrets" / "social-publisher.json", Path.home() / ".config" / "social-publisher.json"] ... os.getenv("WECHAT_APPSECRET") ... os.getenv("XIAOHONGSHU_ACCESS_TOKEN") ... os.getenv("ZHIHU_ACCESS_TOKEN") ... os.getenv("DOUYIN_ACCESS_TOKEN")

The code reads social-platform app secrets and access tokens from environment variables and local secret files, while the visible publishing functions are described as TODO/simulated and the registry declares no credential contract.

User impact: These credentials could authorize actions on social media accounts if mishandled or if real posting is later added, so providing them is higher-risk than the visible simulator needs.
Recommendation: Do not provide real tokens unless you have reviewed a real API implementation and understand the required scopes; use least-privileged test credentials and revoke them if no longer needed.
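One way to carry out the "review the included code" and credential-scope recommendations above before supplying any token, as an added example that is neither ClawScan's scanner nor the skill's code: a static pass over a Python source file with the `ast` module that lists every environment variable read through `os.getenv` or `os.environ.get`, every `Path.home() / ...` chain ending in a `.json` file, which HTTP client modules are imported, and how many lines carry a TODO marker. `SAMPLE_SOURCE` is a constructed stand-in that mirrors the lines quoted from social_publisher.py, not the file itself; the helper names and the `HTTP_MODULES` list are assumptions.

```python
import ast
from typing import Dict, List

# Constructed sample mirroring the credential handling quoted above; it is not
# the real social_publisher.py.
SAMPLE_SOURCE = '''
import os
from pathlib import Path

CONFIG_PATHS = [Path.home() / ".openclaw" / "secrets" / "social-publisher.json",
                Path.home() / ".config" / "social-publisher.json"]

def load_credentials():
    return {
        "wechat": os.getenv("WECHAT_APPSECRET"),
        "xiaohongshu": os.getenv("XIAOHONGSHU_ACCESS_TOKEN"),
        "zhihu": os.environ.get("ZHIHU_ACCESS_TOKEN"),
        "douyin": os.getenv("DOUYIN_ACCESS_TOKEN"),
    }

def publish_wechat(title, content):
    # TODO: real API implementation
    print("[simulated] would publish to wechat:", title)
'''

# Modules whose import shows the file can actually reach a platform API.
HTTP_MODULES = {"requests", "httpx", "urllib", "urllib3", "aiohttp", "http"}


def _literal_str(node: ast.AST) -> str:
    """Value of a string literal node, or "" for anything else."""
    return node.value if isinstance(node, ast.Constant) and isinstance(node.value, str) else ""


def _flatten_path(node: ast.AST) -> List[str]:
    """Segments of a ``Path.home() / "a" / "b"`` chain, left to right."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Div):
        return _flatten_path(node.left) + _flatten_path(node.right)
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and node.func.attr == "home":
        return ["~"]
    lit = _literal_str(node)
    return [lit] if lit else []


class _Auditor(ast.NodeVisitor):
    """Collects env-var reads, secret-file paths and imported modules."""

    def __init__(self) -> None:
        self.env_keys: List[str] = []
        self.secret_paths: List[str] = []
        self.imports: set = set()

    def visit_Import(self, node: ast.Import) -> None:
        self.imports.update(alias.name.split(".")[0] for alias in node.names)

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        if node.module:
            self.imports.add(node.module.split(".")[0])

    def visit_BinOp(self, node: ast.BinOp) -> None:
        # A "/" chain is one path; record it whole and do not descend, or each
        # inner "/" would be reported again as a shorter path.
        if isinstance(node.op, ast.Div):
            segments = _flatten_path(node)
            if segments and segments[-1].endswith(".json"):
                self.secret_paths.append("/".join(segments))
            return
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        func = node.func
        if isinstance(func, ast.Attribute) and node.args:
            base = func.value
            via_getenv = func.attr == "getenv" and isinstance(base, ast.Name) and base.id == "os"
            via_environ = func.attr == "get" and isinstance(base, ast.Attribute) and base.attr == "environ"
            key = _literal_str(node.args[0]) if (via_getenv or via_environ) else ""
            if key:
                self.env_keys.append(key)
        self.generic_visit(node)


def audit_source(src: str) -> Dict[str, object]:
    """Summarise credential reads and network capability of one Python file."""
    auditor = _Auditor()
    auditor.visit(ast.parse(src))
    return {
        "env_keys": auditor.env_keys,
        "secret_paths": auditor.secret_paths,
        "http_imports": sorted(auditor.imports & HTTP_MODULES),
        "todo_lines": sum(1 for line in src.splitlines() if "TODO" in line),
    }


def demands_unused_credentials(report: Dict[str, object]) -> bool:
    """The pattern in the finding above: secrets are read, but no module that
    could send them to a platform API is imported anywhere in the file."""
    reads_secrets = bool(report["env_keys"] or report["secret_paths"])
    return reads_secrets and not report["http_imports"]
```

A report with credential reads but no HTTP client import is the pattern this finding describes. Treat it as a prompt to read the file, not as proof of intent: a skill can reach the network through a helper module or a subprocess that this single-file pass does not see, and a later version can add a real client without changing the credential contract.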