Viraloop

OpenClaw AI agent skill for automated TikTok and Instagram carousel growth. Analyzes any website URL to extract brand, competitors, value proposition, then g...

Summary of what to consider before installing and running this skill: - It does what it says (analyze a website, generate images via Gemini, and publish via Upload-Post), but there are several mismatches and risky defaults you should be aware of. - High-impact behavior: by default the skill is written to run the full pipeline without asking and to post directly to your feed (public) with auto music. If you do not want automatic live posting, do NOT run publish-carousel.sh with your real account token; edit the script to post to drafts or disable auto_add_music/privacy=PUBLIC_TO_EVERYONE. - Environment variables: the declared required vars omit UPLOADPOST_USER, but the scripts require it at runtime. Set UPLOADPOST_USER or modify scripts to make it truly optional. - Persistence: the skill keeps learnings.json in the skill directory (persisting across runs). If you prefer ephemeral data, change learn-from-analytics.js to write to /tmp or another approved path. - Command-safety: publish-carousel.sh constructs a curl command and runs it via eval including caption text. That is fragile and can be exploited if untrusted strings reach caption. Before using, sanitize/escape caption and other variables (or use a direct curl invocation with array args instead of eval). Also review any data that could come from websites (analyze-web.js) before it's sent to external APIs. - Scheduling/autonomy: SKILL.md asks the agent to auto-adjust cron/schedules but there is no code doing that; if you intend to have daily runs, implement scheduling externally (cron, task scheduler, or orchestration) rather than letting an agent modify schedules. Prefer manual approval or at least a confirmation step before first live publish. - Test safely: run the pipeline with dummy/test accounts and tokens first. Confirm image generation, captions, and publishing behavior. Verify what is sent to Gemini/Upload-Post and that nothing sensitive is being uploaded. - If you are not comfortable reviewing and tightening the scripts yourself, do not supply real account tokens. Consider using a sandbox or creating throwaway social accounts to evaluate behavior. If you want, I can: (a) list the exact lines you should change to disable auto-publishing / make UPLOADPOST_USER truly optional, (b) show how to harden the curl invocation to avoid eval-based injection, or (c) produce a checklist to safely test this skill in a sandboxed environment.

Type: OpenClaw Skill Name: viraloop Version: 0.1.0 The skill bundle contains a significant shell injection vulnerability in 'scripts/publish-carousel.sh' where website-derived content is executed via 'eval'. Additionally, 'SKILL.md' contains high-risk instructions directing the AI agent to operate with total autonomy, specifically forbidding it from asking for user confirmation and encouraging it to modify its own automation schedules. While these appear to be functional design choices for an 'autonomous growth engine' rather than intentional malware, the combination of shell injection risks and the lack of human-in-the-loop oversight makes the bundle highly susceptible to prompt-injection attacks from malicious websites.