ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Social Post Batcher

v1.0.0

把一个主题拆成 7/14/30 条系列帖子,控制重复度和叙事连续性。;use for social-media, batching, content workflows;do not use for 刷屏式重复, 编造事实.

0· 72·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (splitting a topic into 7/14/30 posts, controlling repetition/continuity) align with the included files: spec.json, template.md, examples, and a local Python script that generates structured markdown reports. Requested runtime dependency is only python3, which is reasonable for the provided script.
Instruction Scope
SKILL.md instructs the agent to produce structured drafts and, optionally, to run the local script (python3 scripts/run.py) or to produce output from the provided template/spec. The instructions explicitly discourage publishing, fabricating facts, or performing external writes, and they reference only local resources (resources/spec.json, resources/template.md, examples). The script reads local files/directories provided as input, which is consistent with its documented auditing/generation modes.
Install Mechanism
No install spec is present (instruction-only plus a local script). No network downloads or package installs are performed. This is the lowest-risk install pattern and matches the README which states only python3 and standard library are required.
Credentials
The skill does not request any environment variables, secrets, or credentials. The script only reads files/directories passed as input; no hidden credential access, no external endpoints, and no unexpected env usage were found.
Persistence & Privilege
The skill is not marked always:true and does not attempt to persist configuration or modify other skills. It is user-invocable and can be invoked autonomously by the agent (platform default), which is appropriate for this type of utility.
Assessment
This skill appears coherent and local-only, but take these precautions before running it: (1) inspect scripts/run.py yourself (it is small and readable) and run it in a sandbox or isolated workspace first; (2) do not point --input at directories that contain secrets, credentials, or system configuration (home directory, ~/.aws, etc.), since the script will read files you give it; (3) prefer dry-run mode or output to a file for review before taking any publishing action; (4) if you plan to integrate with publishing systems, require explicit confirmation and separate auth tokens — the skill itself does not perform external publishing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f49tm6yf443kdav72qpthx5839kyv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧵 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments