Back to skill
Skillv1.0.0
ClawScan security
Danke Blog Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 16, 2026, 1:29 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose (blog drafting, humanizing, and optional publish flow); included scripts operate on local text/files and there are no requested credentials or risky external installs.
- Guidance
- This skill appears to do what it says: help draft, 'humanize', and optionally publish blog posts. Before installing or using it, consider: 1) Review and approve any content the skill prepares before publishing — humanize.py will insert '我觉得' / '个人经验' and platform-specific emojis/headers which may misrepresent authorship or add claims. 2) Publishing requires the halo-blog skill (and its credentials); confirm how that other skill gets authorized and that you consent to any publish action. 3) The manage_examples utility can delete files in the skill's own references/blog-examples folder if run with --execute; only run pruning commands you understand. 4) If you care about copyright/attribution, review the included style/reference material (some parts reference external authors). If you want higher assurance, run the scripts on sample text locally and inspect outputs before enabling automated publish actions.
Review Dimensions
- Purpose & Capability
- okName/description match the contents: SKILL.md, style references, headline examples, and two small scripts all implement drafting/humanizing and example management. No unrelated credentials, binaries, or install steps are requested.
- Instruction Scope
- noteInstructions stay inside the blog-writing workflow (topic → title → draft → humanize → publish). Note: the publish step says to call a separate halo-blog skill and provides a target site URL, but the SKILL.md does not declare how publishing auth is handled — publishing requires that the agent or the halo-blog skill has valid credentials. The humanize script will automatically insert first‑person markers (e.g., '我觉得', '个人经验') and platform-specific decorations (emojis, '【分享】'), which can change authorship tone or add claims of personal experience; review outputs before publishing.
- Install Mechanism
- okNo install spec; the skill is instruction-first with small local scripts. No downloads, package installs, or external installers are used.
- Credentials
- okThe skill requires no environment variables, credentials, or system config paths. The only external reference is a target blog URL in the publish instructions. That is proportionate to a blog-publishing workflow but remember publishing still needs credentials managed elsewhere.
- Persistence & Privilege
- okalways:false and standard invocation settings. The utility script manage_examples.py can delete files in the skill's own references/blog-examples directory when run with the prune/--execute option; it does not request system-wide privileges or modify other skills.