Trust Assessment
social-post received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings: plaintext storage and direct access of API/private keys (high); reliance on unverified external scripts and skill repositories (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Plaintext storage and direct access of API/private keys | LLM | SKILL.md:40 |
| MEDIUM | Reliance on unverified external scripts and skill repositories | LLM | lib/twitter.sh:3 |

HIGH: Plaintext storage and direct access of API/private keys (LLM layer, SKILL.md:40)

The skill stores highly sensitive credentials, including Twitter API keys and Farcaster custody/signer private keys, in plaintext files (`.env` and `farcaster-credentials.json`). These files are then directly sourced or read by shell scripts, exposing the credentials to the environment and any child processes. While `SKILL.md` explicitly warns about this, it represents a fundamental security risk: if the system hosting the skill is compromised, these credentials are immediately accessible, leading to potential unauthorized access and financial loss (e.g., Farcaster USDC).

Recommendation: implement a secure credential management system (e.g., a secrets vault, encrypted storage with runtime decryption, or an agent-based system that handles signing without exposing raw private keys). Avoid storing private keys directly in plaintext files accessible from the filesystem.

MEDIUM: Reliance on unverified external scripts and skill repositories (LLM layer, lib/twitter.sh:3)

The skill hardcodes paths to external scripts and to another skill's repository (`farcaster-agent`) for core functionality. Specifically, `lib/twitter.sh` executes `/home/phan_harry/.openclaw/workspace/scripts/twitter-post.sh`, and `lib/farcaster.sh` changes directory into `/home/phan_harry/.openclaw/workspace/skills/farcaster-agent/repo` to execute `npm run cast`. If these external scripts or the `farcaster-agent` skill are compromised or modified, the `social-post` skill could be exploited, leading to credential compromise, unauthorized actions, or data exfiltration. The behavior of `npm run cast` also depends on the `package.json` within the `farcaster-agent` repo, which is not controlled by this skill.

Recommendation:

1. Integrate the functionality of `twitter-post.sh` directly into `lib/twitter.sh`, or as an inline script, to reduce external dependencies.
2. For `farcaster-agent`, consider vendoring the necessary Node.js code and its dependencies directly within the `social-post` skill, or ensure strict version pinning and integrity checks for the `farcaster-agent` skill.
3. Implement integrity checks (e.g., checksums) for all external scripts and dependencies to detect unauthorized modifications.