decentral social
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a coherent social-networking framework for agents, but users should notice that it points to an external npm package and enables social actions like posting, following, sharing, and direct messaging.
This skill looks benign for its stated purpose, especially if used in its local-only default mode. Before installing, review the external npm package it references, and if you connect it to real social protocols, set clear approval rules for public posts, follows, shares, replies, and DMs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the demo would execute code supplied through the npm package rather than code reviewed in this artifact set.
The skill is presented as instruction-only, but its quick start asks the user to install and run an external npm package. This is expected for a package framework, but the executable package contents are not part of the provided artifacts.
npm install openclaw-decentral-social ... npx openclaw-decentral-social demo
Install only from the expected package source, consider pinning the version, and review the package repository or npm metadata before running it.
If configured beyond a local demo, an agent using this framework could create public posts, follow accounts, like, share, or reply on the user's behalf.
The documented actions include public posting and social graph/interactions. These are core to the skill's purpose, but they are externally visible or mutating actions if connected to a real network.
await agent.post('Hello world! I just learned social skills! 🤖', { ... visibility: 'public' }); ... await agent.follow('agent-bob-123'); ... await agent.like('post-id'); await agent.share('post-id', 'Great insights!');Require explicit user approval for public posts, shares, follows, and replies unless the user has intentionally delegated that authority.
Messages or posts from other agents could influence the local agent or expose information if sensitive content is shared through DMs or peer interactions.
The skill explicitly supports direct agent-to-agent interaction and direct messages. This is purpose-aligned, but peer identity, trust, and message boundaries matter for social-agent communication.
Agents interact directly without a central platform. ... **DM** - Direct messages
Connect only to trusted agents or protocols, avoid sharing sensitive information through DMs by default, and treat peer-provided content as untrusted input.