Community Operations

Warn

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is openly designed to create scheduled, multi-account, human-like automated comments, which can manipulate community trust if not tightly controlled.

Review carefully before installing or using. Only proceed if the system will use dedicated, clearly labeled operator-owned accounts, require human approval or dry-run before posting, disclose automation as needed, enforce strict quotas and an off switch, and never use real member accounts or OAuth data without explicit consent.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Readers and community operators may believe coordinated automated comments are genuine activity from multiple real people.

Why it was flagged

The strategy explicitly optimizes automated comments to appear unlike one person or a template and to avoid machine/low-quality judgments, which can mislead readers or moderators about whether engagement is organic.

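Skill content

- Comments do not read as if they were written by the same person
- Comments do not look like bulk spam from a fixed template
- Comments are unlikely to trigger the platform's or the business side's low-quality / machine-like judgments

Recommendation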

Use only clearly labeled operator-owned bot accounts, disclose automation where appropriate, and do not optimize the system for evading bot or low-quality detection.

What this means

The agent could help build workflows that post comments at scale without human review for each public action.

Why it was flagged

The core workflow includes selecting an account and submitting comments automatically, while moderation is optional. This is a high-impact mutation of public or community-facing content without a mandatory approval boundary.

Skill content

choose account
→ optional moderation
→ submit comment
→ log result

Recommendation

Require dry-run by default, human approval before posting, strict rate limits, audit logs, and a clearly documented rollback/removal process for generated comments.

What this means

Automated comments could be posted under member identities or accounts whose ownership and consent are unclear.

Why it was flagged

The design proposes using member accounts and possibly OAuth identifiers as the account pool for automated comments, but the artifacts do not clearly restrict this to consented, operator-owned bot accounts.

Skill content

For auto-comment accounts, prefer reusing:
- `members` / `MemberModel`
...
- `oauth_type` / `oauth_id` (if the business flow requires it)

Recommendation

Do not reuse ordinary user accounts. Restrict automation to dedicated, consented, clearly labeled service accounts with minimal privileges and no unnecessary OAuth/profile access.

What this means

A scheduled job could keep generating and posting comments repeatedly if quotas, disable switches, or ownership checks are misconfigured.

Why it was flagged

The skill recommends recurring scheduled execution. This is purpose-aligned for an auto-commenting system, but it means the workflow can continue posting after initial setup unless explicitly controlled.

Skill content

I4. Scheduled task recommendations
- Community comments: 5~10 minutes
- contents comments: 10~15 minutes

Recommendation

Make scheduled execution opt-in, require a manual disable switch, cap total daily actions, monitor logs, and periodically re-confirm that automation should continue.