Latest release: v0.4.0Download zip
Capabilities
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The advertised agent under agent/ is coherent for trend scouting, content drafts, and reports, but top-level AGENTS.md defaults to Agent Studio/dev-mode behavior and tells the agent to ignore the ZooClaw Social runtime files.
Instruction Scope
Top-level startup instructions tell the agent to read and follow an Agent Studio skill, wait before responding, switch modes, and expose /studio commands that are broader than a social-media PR assistant.
Install Mechanism
There is no install spec and the bundle references an external/local .agents/skills/agent-studio/SKILL.md instruction source that is not included in the reviewed files; commands also rely on tools such as uv, curl, and jq despite no required binaries being declared.
Credentials
The visible social-agent workflow uses local data files plus public/web trend sources, which is proportionate for trend scouting and draft/report generation; no credentials, broad private-file indexing, or protected-path writes were shown.
Persistence & Privilege
The agent uses scheduled reminders, heartbeat checks, local mode/onboarding markers, drafts, trend caches, and memory of brand preferences; this is mostly disclosed and purpose-aligned but should be user-controlled.
What to consider before installing
Before installing, verify whether OpenClaw will execute the root AGENTS.md; if so, treat this as an Agent Studio bundle rather than a clean ZooClaw Social runtime unless the publisher removes that scaffolding. If you proceed, expect public trend/web lookups, local storage of brand and draft data, and scheduled reminders. No credential theft, exfiltration, or destructive behavior was evident in the visible artifacts, but some supplied file contents were truncated or omitted, so inspect the full bundle if you need high assurance.