Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Substack Autopilot

v1.0.0

Automate drafting and local saving of weekly Substack articles from a topic queue, opening the editor for final human review before publishing.

by caoooqiii (@caoqi)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's declared purpose (generate drafts, save locally, open Substack editor, notify via Telegram) is coherent with its runtime instructions. However, it expects external integrations (Telegram notifications, a Substack publication identifier, and workspace path placeholders) while the registry metadata declares no required env vars, credentials, or config paths. That mismatch is inconsistent: a legitimate implementation would normally declare the Telegram token/chat id and any publication/workspace configuration.
Instruction Scope
SKILL.md is narrowly scoped to reading/writing files in the workspace (article-topics.json, article-log.json, article-YYYY-MM-DD.md), generating content according to provided frameworks, opening the browser to a Substack editor URL, and sending Telegram notifications. It does not instruct the agent to read unrelated system files or secrets. The main concern is that instructions reference external channels/placeholders (e.g., <telegram_id>, <substack_publication>, <workspace_path>) without explaining where those values come from.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal surface area. Nothing will be written to disk by an installer step beyond the agent executing its normal runtime actions.
Credentials
The skill uses Telegram notifications and requires values such as <telegram_id>, <substack_publication>, <workspace_path> but declares zero required env vars or credentials. It should explicitly declare the credentials (e.g., TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID or the platform-specific channel binding) and any required config. Absence of declared credentials is disproportionate and obscures what secrets the agent will need or use.
Persistence & Privilege
The skill's "always" flag is false, and it does not request persistent or autonomous system-wide privileges. The suggested cron schedule is optional guidance. There is no indication that it attempts to modify other skills or system-wide agent settings.
Scan Findings in Context
[no_code_files_to_scan] expected: The regex scanner had no code files to analyze because this is an instruction-only skill. That is expected for a skill composed solely of SKILL.md and reference docs, but it means static-analysis signals are limited.
What to consider before installing
This skill appears to do what it says (generate drafts, save them locally, and open Substack for review), but it omits explicit declarations for configuration and credentials. Before installing, ask the publisher to clarify and/or update the skill to declare required settings such as: (1) how Telegram notifications are authenticated (bot token / chat id or platform channel binding), (2) where <substack_publication> and <workspace_path> are provided, and (3) whether any agent connectors (browser profile access, telegram channel) must be pre-configured. Verify that Telegram messages will go to a trusted chat and that no drafts will be auto-published. If you cannot get these clarifications, treat the skill cautiously or run it in an isolated environment where file writes and outgoing notifications are controlled.

latest: vk977qwjxvsrqxdjb0f3c3bfa5h82yk0n
