Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Substack v1.0.0
Publish, edit, and manage Substack posts for the Alternative Partners publication (alternativepartners.substack.com) via the internal REST API. Use this skil...
by Benjamin Reynolds (@breynol01)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence

Purpose & Capability
The name/description (Substack publishing for alternativepartners.substack.com) matches the instructions. However, the runtime instructions assume the existence of local modules (publishers/substack.py, publish_runner.py, research_gate.py) and a content pipeline at ~/Documents/Codex/Content/ap-content-pipeline/, none of which are present in this skill bundle or declared as dependencies. That makes the skill unusable as packaged and is an incoherence between what it describes and what it ships.
Instruction Scope
SKILL.md instructs the agent to read a browser cookie from Chrome DevTools, set a SUBSTACK_SID env var, call local Python modules, run curl commands with the cookie, and rely on an internal 'publisher' implementation. It also mentions a search API key for the pipeline. These instructions reference local files, secrets, and operational steps outside the skill's package and the declared metadata — granting the agent broad filesystem and secret access in order to operate.
Install Mechanism
No install spec and no code files (instruction-only). That is low install risk, but it also means the skill by itself contains no implementation; it merely documents how to use other local tools.
Credentials
The instructions explicitly require a session cookie (SUBSTACK_SID) and mention a search API key, but the registry metadata lists no required environment variables or primary credential. There is also an internal inconsistency: the document refers to the session cookie both as 'connect.sid' and as 'substack.sid'. Requesting a long-lived browser session cookie is plausible for Substack automation, since no official publishing API token is documented here, but the missing declaration and the cookie-name mismatch are red flags.
Persistence & Privilege
The skill does not request always:true and does not install persistent components. Autonomous invocation is allowed by platform default (disable-model-invocation: false) — this is normal and not by itself a red flag. The bigger issue is that the skill instructs use of local scripts and secrets, which may give an agent access to sensitive data if present on the host.
What to consider before installing
Do not install or enable this skill without validating the environment it expects. Key checks:
1) The SKILL.md expects local code (publishers/substack.py, publish_runner.py, research_gate.py) and a pipeline directory; confirm those files exist and inspect their source before use.
2) The skill needs a browser session cookie (named inconsistently as connect.sid / substack.sid) in SUBSTACK_SID. Storing a long-lived session cookie in env/secrets is sensitive; consider using an official API token or OAuth if available.
3) The skill metadata does not declare required env vars or dependencies; ask the publisher to update the metadata to list SUBSTACK_SID and any search API key, and to provide the code or a clear install spec.
4) Verify the pipeline code does not change send_email behavior, exfiltrate content, or call unexpected external endpoints.
If you control the AP content pipeline and the referenced modules are legitimate and auditable, this skill may be usable; if not, treat it as incomplete and potentially risky.
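A pre-install check for the points above, as an added example that is not part of this page or of the skill's own code: a small Python script that pulls the local module paths, environment variables, session-cookie names and URLs referenced in a SKILL.md and compares them against the bundle's file listing and the registry metadata. The SKILL.md excerpt, the metadata shape (a `requires_env` list) and the bundle listing are all constructed for the example and are not ClawHub's schema or this skill's real text; the env-var suffix matching is a heuristic.

```python
import re
from urllib.parse import urlparse

# Constructed SKILL.md excerpt, written for this example. It mirrors the kinds of
# instructions the scan report describes (DevTools cookie, env var, local modules,
# curl with the cookie) but is NOT the skill's actual SKILL.md.
SAMPLE_SKILL_MD = """\
1. In Chrome DevTools on alternativepartners.substack.com, copy the `connect.sid` cookie.
2. export SUBSTACK_SID=<cookie value>
3. python publish_runner.py --draft post.md   # wraps publishers/substack.py
4. curl -H "Cookie: substack.sid=$SUBSTACK_SID" \\
     https://alternativepartners.substack.com/api/v1/drafts
5. research_gate.py needs SEARCH_API_KEY for the content pipeline.
"""

# Constructed registry metadata and bundle listing (assumed shapes, not ClawHub's schema).
SAMPLE_METADATA = {"requires_env": []}
SAMPLE_BUNDLE_FILES = {"SKILL.md"}

# Local script/module paths such as publishers/substack.py or publish_runner.py
PATH_RE = re.compile(r"(?<![\w/])((?:[\w-]+/)*[\w-]+\.(?:py|sh|js|ts))\b")
# Env vars: $NAME / ${NAME}, `export NAME=`, and a suffix heuristic for secret-like names
ENV_DOLLAR_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]+)\}?")
ENV_EXPORT_RE = re.compile(r"\bexport\s+([A-Z][A-Z0-9_]+)=")
ENV_SUFFIX_RE = re.compile(r"\b([A-Z][A-Z0-9_]*_(?:KEY|TOKEN|SID|SECRET|PASSWORD))\b")
# Session-cookie names of the form something.sid (connect.sid, substack.sid, ...)
COOKIE_RE = re.compile(r"\b([A-Za-z_]+\.sid)\b")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def extract_references(skill_md: str) -> dict:
    """Collect the local paths, env vars, cookie names and URLs a SKILL.md relies on."""
    env = set(ENV_DOLLAR_RE.findall(skill_md))
    env |= set(ENV_EXPORT_RE.findall(skill_md))
    env |= set(ENV_SUFFIX_RE.findall(skill_md))
    return {
        "paths": sorted(set(PATH_RE.findall(skill_md))),
        "env_vars": sorted(env),
        "cookies": sorted(set(COOKIE_RE.findall(skill_md))),
        "urls": sorted(set(URL_RE.findall(skill_md))),
    }


def host_allowed(host: str, allowed_domains) -> bool:
    """True if host is one of the allowed domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def audit(skill_md: str, metadata: dict, bundle_files: set,
          allowed_domains=("substack.com",)) -> list:
    """Return findings: referenced modules the bundle lacks, env vars the metadata
    does not declare, inconsistent cookie names, and URLs outside the expected domain."""
    refs = extract_references(skill_md)
    findings = []
    for path in refs["paths"]:
        if path not in bundle_files:
            findings.append(f"missing_module:{path}")
    declared = set(metadata.get("requires_env", []))
    for var in refs["env_vars"]:
        if var not in declared:
            findings.append(f"undeclared_env:{var}")
    if len(refs["cookies"]) > 1:
        findings.append("cookie_name_mismatch:" + ",".join(refs["cookies"]))
    for url in refs["urls"]:
        host = urlparse(url).hostname or ""
        if not host_allowed(host, allowed_domains):
            findings.append(f"unexpected_host:{host}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SKILL_MD, SAMPLE_METADATA, SAMPLE_BUNDLE_FILES):
        print(finding)
```

Run against the constructed excerpt it reports the three missing modules, the two undeclared env vars and the connect.sid / substack.sid mismatch, and stays quiet about the alternativepartners.substack.com endpoint; point it at the real SKILL.md, the bundle's file list and its metadata, and an empty result means check 1 and check 3 are satisfied on paper (you still read the module source for check 4).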
