Skill v1.0.0

ClawScan security

FakeX-Till-YouAI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 7, 2026, 10:09 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions match its stated purpose (turning digests into X drafts and optionally publishing), but it comes from an unknown source, will ask for and persist X API credentials to a file in your home directory, and references local helper scripts that are not included — review before enabling automatic publishing.
Guidance
This skill appears to do what it says, but take these precautions before using it in 'full automatic' mode:
1) The package is instruction-only and from an unknown source with no homepage — if you plan to let it publish automatically, prefer to inspect the actual publishing scripts ('tools/x_post_via_api.js' and 'tools/x_schedule_posts.js') or provide your own implementations, since they are not included.
2) It will ask for and store your X API credentials at ~/.x-post-orchestrator/config.json; expect them to be stored in plaintext unless the skill or your environment encrypts them. Use tokens with minimal scopes and be prepared to rotate them if you stop using the skill.
3) If you are uncomfortable giving persistent publishing access, use the half-automatic workflow (copy/paste) instead.
4) Because the skill can be invoked autonomously by the agent platform, only enable automatic publishing after verifying the code path that performs API calls and ensuring you trust the skill/source.

Review Dimensions

Purpose & Capability
ok · The name and description (generate X post drafts from a digest and optionally publish) align with the SKILL.md. Asking for X API credentials only when the user selects 'full automatic' is coherent. Recommending the external 'follow-builders' digest companion is explanatory, not required.
Instruction Scope
note · The SKILL.md confines itself to the posting layer (collect preferences, read a provided digest, generate drafts, let the user select and schedule, and publish if given credentials). It instructs the agent to read 'the digest' (no fixed path) and to use local scripts 'tools/x_post_via_api.js' and 'tools/x_schedule_posts.js' when available — these scripts are referenced but not included in the package, so automatic publishing may depend on external code the skill doesn't ship. The document also requires storing persistent settings and credentials in a home-directory file.
Install Mechanism
ok · No install spec or code files are provided (instruction-only). Nothing is downloaded or written by the installer itself, which minimizes install-time risk.
Credentials
note · The skill declares no required environment variables, which matches the instruction-only package. It will, however, ask interactively for X API key/secret/access token/access token secret in full automatic mode and persist them to ~/.x-post-orchestrator/config.json. Collecting those credentials is proportionate to the stated purpose, but there is no guidance about encryption/secure storage or minimum scopes, so stored secrets may be left unencrypted on disk.
Persistence & Privilege
note · always:false (no forced global presence). The skill writes persistent configuration (including credential presence/state and posting preferences) to ~/.x-post-orchestrator/config.json in the user's home directory — this is a meaningful filesystem persistence of secrets and preferences but not unexpected for this functionality. Because the platform allows autonomous invocation by default, granting full-automatic mode and providing credentials enables the agent to publish without further confirmation unless user controls are applied.