ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Livestream Script Generator

v1.0.0

直播带货脚本生成,话术设计、节奏把控、互动环节、促单技巧。适合直播主播、电商运营、MCN 机构。

0· 64·1 current·1 all-time
by@275254cl-hash
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and SKILL.md content align: the skill's stated purpose is to generate livestream scripts, design talk tracks, plan pacing and interactions, and monetize output. However, the metadata declares a required binary ('node') even though there are no code files, no install spec, and the runtime instructions are pure text — requiring node appears disproportionate and unexplained.
Instruction Scope
The SKILL.md contains only instructions and examples for generating scripts, talk tracks, interactions, and monetization. It does not instruct the agent to read local files, access environment variables, call external endpoints, or perform system actions outside generating text, so the instruction scope stays within the stated purpose.
Install Mechanism
There is no install specification and no code files; this is an instruction-only skill. That is the lowest-risk install model because nothing is written to disk by an installer.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. This is proportionate for a text-generation skill. (Note: the sole mismatch is the declared required binary 'node', which is unrelated to environment/credential demands but is still disproportionate.)
Persistence & Privilege
Flags show always:false and default autonomous invocation allowed. This is the platform default and is not combined with broad credential access or other red flags, so persistence/privilege is not a concern here.
What to consider before installing
This skill appears to be a straightforward, instruction-only generator for livestream scripts, and the SKILL.md stays within that scope. However, the metadata unnecessarily declares 'node' as a required binary even though there is no code or install step — ask the publisher why 'node' is required before installing. Additional precautions: do not paste secrets or private data into prompts, review generated scripts for legal/advertising compliance and accuracy before using them on-air, and monitor for future updates that might add install logic or external network calls. If you want complete assurance, request a version with the node requirement removed or with a clear justification for it.

Like a lobster shell, security has layers — review code before you run it.

latestvk972v91gqama2hzakyg7hwwsdh83jndk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
Binsnode

Comments