ClawHub

PostQube Threads Publisher

v1.1.1

A powerful social media posting skill for PostQube. Triggers when the user wants to: - Publish a post to Threads. - Create a "Thread Storm" or "Auto-chained"...

0· 79·0 current·0 all-time
byWan Fahmi@wanfahmi11
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (posting to Threads via PostQube) matches the declared requirements: a single POSTQUBE_API_KEY and curl. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md tells the agent to validate the POSTQUBE_API_KEY, confirm with the user, and call PostQube endpoints (postqube.quickbitsoftware.com) with curl. It does not instruct reading other files, scanning the system, or sending data to unrelated endpoints.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk. It only requires curl to be present, which is proportionate for making HTTP requests.
Credentials
Only one environment variable is required (POSTQUBE_API_KEY) and it is declared as the primary credential. That aligns with the API usage described in the instructions.
Persistence & Privilege
The skill is not always-on (always: false) and does not request system-wide persistence or modify other skills. It can be invoked autonomously per platform defaults, which is expected for a callable skill.
Assessment
This skill appears coherent and low-risk, but before installing: verify the PostQube service and domain are legitimate; use a dedicated API key with minimal scope; never paste the API key into messages; confirm each post before the skill sends it (the SKILL.md also recommends this); monitor posted content and API usage/quota; and be aware the agent can invoke the skill when asked (autonomous invocation is platform-default). If you want extra safety, create a restricted API key and limit the agent's ability to run skills automatically.

Like a lobster shell, security has layers — review code before you run it.

latestvk972bb7d30b2gbvkt22htjvj6184v6p2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📱 Clawdis
OSmacOS · Linux
Binscurl
EnvPOSTQUBE_API_KEY
Primary envPOSTQUBE_API_KEY

Comments