storyclaw-autoposter

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits the user's StoryClaw API key and social media content to an external API endpoint (https://aipuejhjwmabtobjrqdz.supabase.co). This is the intended functional behavior required for the skill to interact with the StoryClaw service.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use a curl command to upload local media files to the service's backend. This operation is used as a prerequisite when a user provides local images or videos for posting.
  • [PROMPT_INJECTION]: The skill ingests and processes user-supplied text for social media 'optimization' and publishing, which creates a surface for indirect prompt injection. This risk is mitigated by a mandatory confirmation flow in SKILL.md and SKILL.zh-CN.md that requires the user to review and explicitly confirm the final content and target platforms before any API calls are made.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 09:35 PM