v1.0.0

Content Creator Bundle

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:21 AM.

Analysis

This bundle is not clearly malicious, but it asks for broad social-platform account authority, scheduled public posting and comment automation, and an unreviewed external install path; users should review each of these carefully before installing.

Guidance: Install only if you are comfortable granting social-platform posting and interaction authority. Before use, inspect the external repository and install script, review each dependent skill, use test or least-privileged accounts, require manual approval for every publish/reply/like/private message, and keep a clear way to cancel scheduled jobs and revoke credentials.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
SKILL.md
Multi-platform scheduled publishing, content calendar, batch scheduling ... plan ahead, execute automatically ... automatic comment replies, follower interaction, private message management

The intended workflow includes scheduled/bulk publishing plus automatic comment and private-message handling. These are high-impact account mutations, and the artifacts do not define strict confirmation or scope limits.

User impact: Incorrect or unintended content could be posted, replied to, liked, or sent across multiple public platforms under your account.
Recommendation: Require explicit user confirmation before every publish, reply, private message, or like; preview all generated content; and limit automation to specific platforms and schedules.
Agentic Supply Chain Vulnerabilities
Severity: Medium. Confidence: High. Status: Concern.
README.md
git clone https://github.com/clawhub/content-creator-bundle.git
cd content-creator-bundle
./install.ps1

The README directs users to clone a remote repository and run an install script that is not present in the supplied artifact set, while the registry has no install spec. That creates a provenance gap for setup code.

User impact: Running the unreviewed external install script could install or change local skills and dependencies in ways not visible in the reviewed package.
Recommendation: Inspect the remote repository and install script before running them, pin a trusted commit or release, and prefer reviewed registry dependencies over ad-hoc setup scripts.
Rogue Agents
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
Scheduled publishing (cron / qqbot-cron) ... scheduled_posts: ... status: "scheduled"

The bundle is designed to schedule future actions through cron-style tools, but the artifacts do not describe expiration, cancellation, review, or re-approval controls for those scheduled jobs.

User impact: Posts may be published later, after the immediate conversation has ended, potentially without fresh review.
Recommendation: Review scheduled jobs regularly, set expiration or cancellation rules, and require re-confirmation before scheduled public posts are released.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
SKILL.md
app_id: "${WECHAT_APP_ID}"
app_secret: "${WECHAT_APP_SECRET}"
... - account permissions for each platform

The skill instructs users to configure social-platform app secrets and account permissions, while the registry metadata declares no credentials. This grants delegated authority over user platform accounts.

User impact: The agent or dependent skills could act through your social accounts, including publishing content or interacting with followers, if granted these credentials.
Recommendation: Use least-privileged app keys or OAuth scopes, avoid sharing passwords, verify each dependent skill before authorizing it, and revoke tokens when no longer needed.