Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Content Creator Bundle
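v1.0.0
Self-media matrix bundle: run every platform single-handedly, with AI-powered content creation and distribution. Integrates multi-platform content rewriting, scheduled publishing, data tracking, and comment engagement. One article yields versions for 10+ platforms. Priced at ¥149 per bundle.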
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The described capabilities (rewrite, scheduled publish, analytics, comment management) match the listed sub-skills (humanizer, cron, tavily-search, wechat-management, etc.), so the overall purpose is coherent. However, the SKILL.md expects platform APIs/credentials (WeChat app_id/secret and other platform accounts) even though the skill metadata declares no required environment variables or credentials.
Instruction Scope
Runtime instructions tell the agent to install other clawhub skills and to edit config files that include placeholders like ${WECHAT_APP_ID} / ${WECHAT_APP_SECRET} and to reference local drafts (./drafts). The skill's prose also enables autonomous actions (scheduling posts, auto-replies) that will act on external platforms — these require tokens but the skill metadata doesn't declare them. The README further instructs cloning a GitHub repo and running an install.ps1, which could execute arbitrary code if followed.
Install Mechanism
There is no formal install spec in the package metadata (instruction-only). SKILL.md uses 'py -m clawhub install ...' to pull sub-skills (reasonable if clawhub is trusted). README advises git cloning github.com/clawhub/content-creator-bundle and running ./install.ps1 — running repository scripts is inherently higher risk if you don't verify the repo and scripts. No direct downloads from untrusted shorteners or IPs are present.
Credentials
The package declares no required env vars, but the instructions and config templates explicitly reference sensitive credentials (WECHAT_APP_ID, WECHAT_APP_SECRET) and imply other platform auth. This mismatch (no declared primaryEnv or required.env) is inconsistent and may lead users to supply secrets without clear metadata about what is required or how they are used/stored.
Persistence & Privilege
The skill does not request always:true, does not declare system-wide config access, and is instruction-only. It does recommend installing sub-skills which could persist on the agent, but there is no explicit request for permanent elevated privileges in the metadata.
What to consider before installing
This package appears to do what it says (automate multi-platform content creation and posting), but there are important red flags you should address before installing or running anything:
1) The SKILL.md and config templates reference platform credentials (WECHAT_APP_ID, WECHAT_APP_SECRET and other accounts) but the skill metadata does not declare required env vars — confirm which exact credentials are needed and why.
2) The README tells you to git clone a repo and run install.ps1 — inspect that script (and any install scripts) in a safe environment before executing; do not run it blindly.
3) Installing the listed sub-skills (py -m clawhub install ...) and enabling auto-post/comment-reply gives code the ability to post and message as your accounts — only provide tokens with the minimum necessary scope and consider using limited API keys or test accounts.
4) Verify the origin/trustworthiness of the 'clawhub' packages and the GitHub repo owner; review their source code/policies for data handling.
5) If unsure, run initial tests in an isolated VM or container and audit network activity and file writes.
If you can, ask the publisher for an explicit list of required env vars, token scopes, and an explanation of what the install scripts do; lack of that information would keep my confidence low and is a reason to be cautious.
Like a lobster shell, security has layers — review code before you run it.
