Skill v1.0.0

ClawScan security

Weekly Content Planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 6:38 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it is a small, instruction-only bash generator that creates a local markdown content calendar and does not request credentials, install code, or contact external endpoints.
Guidance
This skill is a simple, local Bash script that generates a markdown content calendar — it does not contact external services or require credentials. Before installing/running: (1) review the generate.sh file (it’s short and only uses date, tr, sed, awk, cat), (2) be aware it will create/overwrite content-calendar.md in the current directory, and (3) if you later pipe the output to an LLM or a scheduling tool, those downstream tools may require credentials or send data externally — review them separately. If future versions add networking, environment variables, or installers, re-evaluate those changes before use.

Review Dimensions

Purpose & Capability
ok
The name/description (weekly social media content planner) matches the provided artifacts. The only required runtime is Bash and cat, which the SKILL.md and generate.sh legitimately use to produce content-calendar.md. No unrelated credentials, binaries, or services are requested.
Instruction Scope
ok
SKILL.md instructs the agent/user to run ./generate.sh with a topic and optional audience. The script only formats text, uses date/sed/awk/tr, and writes a local markdown file. It does not read arbitrary system files, access environment variables, or transmit data to external endpoints.
Install Mechanism
ok
There is no install spec (instruction-only + a single script). Nothing is downloaded or extracted. This is low-risk and consistent with the skill's functionality.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths and the code does not reference any. That matches the simple local text-generation behavior.
Persistence & Privilege
ok
The skill is not always-enabled, does not request persistent privileges, and does not modify system-wide or other skills' configuration. It only writes a single output file in the current directory.