Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Content Repurposer
v1.1.0
Transform long-form content into platform-optimized snippets. Your agent takes one blog post, video transcript, or podcast notes and generates ready-to-publish Twitter threads, LinkedIn posts, email newsletters, and Instagram captions. Maintains voice consistency while adapting to each platform's format, length, and engagement patterns. Configure tone preferences, platform priorities, and output formats. Use when publishing content across multiple channels, repurposing existing material, or maximizing reach from a single piece of content.
⭐ 1· 1.3k·28 current·28 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the included scripts: the tool reads a source file or URL, extracts key points, and generates platform-specific outputs. Required actions (reading ~/.config, writing outputs, calling system tools like jq/curl/html2text/pbcopy) are proportionate to the stated purpose. The config schema, platform options, and file outputs are coherent.
Instruction Scope
The scripts and SKILL.md instruct the agent to read user content and the user's config (~/.config/content-repurposer/config.json), which is expected. However, each platform prompt embedded in the scripts repeatedly asks the LLM to "think step-by-step" and "Rate your confidence" — this is an explicit chain-of-thought pattern that can prompt the model to reveal internal reasoning. The pre-scan detected unicode-control-chars in SKILL.md, which can be used to manipulate prompt parsing. These prompt patterns and hidden characters are scope-creep / prompt-injection risks and should be removed or sanitized.
Install Mechanism
There is no remote install/download — this is shipped as local scripts and an example config. That's low-risk. Note: the scripts assume external dependencies (jq, curl, html2text, iconv, pbcopy on macOS, and optionally a 'clawdbot' tool). Those dependencies are reasonable for the task but should be installed from trusted sources and audited prior to running.
Credentials
The skill declares no required environment variables or credentials and only reads a user-scoped config in ~/.config/content-repurposer/config.json. The config stores non-sensitive settings (voice, platform prefs, user.name/brand/primary_cta). No service API keys are requested. This is proportionate to the stated functionality.
Persistence & Privilege
The skill does create a config and a repurpose log under the user's home directory (normal for a CLI tool). It does not request 'always: true' and does not modify other skills or system-wide agent settings. It writes only to its own directories.
Scan Findings in Context
[unicode-control-chars] unexpected: The scanner found unicode control characters in SKILL.md. These can hide or alter prompts and are commonly used in prompt-injection attacks to change parsing or instructions. For a repurposing tool this is unnecessary and should be removed; it increases the risk that an LLM will be manipulated at runtime.
What to consider before installing
This package mostly does what it says and stores its config under your home directory, but exercise caution before running it. Steps to consider:
1) Inspect and sanitize files: open SKILL.md and every script in a text editor that makes control characters visible (e.g., show invisibles) and remove any unexpected unicode-control characters. Remove or reword lines that ask the model to "think step-by-step" or "rate your confidence" (these induce chain-of-thought and can leak internal reasoning).
2) Check dependencies: confirm jq, html2text, iconv, curl, and any clawdbot tools come from trustworthy sources. html2text and similar utilities can be installed from official repositories.
3) Test in isolation: run the scripts in a sandbox or throwaway account first (not on sensitive content). The scripts can fetch remote URLs (curl or clawdbot web_fetch) — do not give private URLs or secrets to test runs.
4) Review config: the example config stores user.name, brand, and primary_cta; avoid putting API keys or secrets into config.json. The skill does not declare any credentials, but double-check before adding them.
5) Prefer removing mock/placeholder prompts and verify how real LLM calls are made: currently the scripts include MOCK_RESPONSE placeholders; when enabled to call the platform's LLM tool, ensure the 'clawdbot' tool (or other runner) is trusted and that you understand where data is sent.
If you want, I can produce a cleaned version of the prompts that removes chain-of-thought instructions and flags invisible characters, or point out exact lines to edit.
Like a lobster shell, security has layers — review code before you run it.
latest vk97dge3akxtxb7jzqjde0kbjf980y5mb
Runtime requirements
♻️ Clawdis
