Report Generator Adarsh
v1.0.0
Generates a structured marketing audit report from aggregated data using a single GPT-4.1-mini API call with six predefined sections.
by Adarsh More (@adarshvmore)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The declared purpose (single GPT-4.1-mini call to produce a marketing audit) matches the SKILL.md implementation pattern, but the registry metadata lists no required environment variables or primary credential while SKILL.md explicitly lists OPENAI_API_KEY as the auth dependency — that's an incoherence in declared requirements.
Instruction Scope
SKILL.md is instruction-only and limited to: one system prompt, one user message with AuditData JSON, a single OpenAI call, parsing markdown, and returning a fallback if the API fails. It does not instruct reading system files or paths. However, it calls for token-usage and error logging with unspecified storage/targets and mentions a 'competitor collector fallback' (other modules) which are not included — these areas are underspecified and could expand scope at runtime.
Install Mechanism
There is no install spec and no code files; being instruction-only is low-risk from an installation perspective.
Credentials
The skill requires an OpenAI API key (OPENAI_API_KEY) per SKILL.md but the registry lists no required env vars or primary credential. Requiring a secret API key is expected for this functionality, but it must be declared explicitly in metadata. Also, the SKILL.md states raw AuditData is sent to OpenAI; if that data contains PII or sensitive info, the credential and data exfiltration risk should be clearly documented.
Persistence & Privilege
always:false and no install actions mean the skill does not request persistent system privileges. Autonomous invocation is allowed (default) but is not combined with other high-risk indicators here.
What to consider before installing
Do not install yet. Ask the publisher to correct the registry metadata to declare OPENAI_API_KEY as a required env var (and set primary credential), and to provide source/homepage or code so you can review where logs and fallback reports are stored. Confirm where token-usage and error logs are written and who can access them. Ensure the AuditData does not contain sensitive or personally identifiable information before sending it to OpenAI, or add redaction. If you cannot get these clarifications and a source repository, treat the skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
