ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Blog Master — Universal SEO Blog Writing System

v1.0.1

Write SEO-optimized blog posts for any niche and publish them to WordPress, Google Business Profile, and Google Blogger. Includes AEO triggers for AI search...

0· 1.3k·5 current·5 all-time
by@danielblinker83-bot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill explicitly claims it can 'publish' to WordPress, Google Business Profile, and Blogger, yet the registry metadata and SKILL.md declare no required environment variables, no primary credential, and no install steps. Real publishing requires OAuth/API credentials or application passwords and usually client libraries or APIs; the lack of any credential or tooling requirements is incoherent with the stated publishing capability.
Instruction Scope
The SKILL.md itself is primarily a content-writing template and SEO checklist, which is appropriate for a blog-writing skill. There is a 'Publication Channels Guide' that outlines what to fill in for WordPress/GBP etc., but the manifest contains no concrete API calls, credential handling, or steps to authenticate. The instructions are vague about publishing and leave much to agent/user discretion — this gives the agent broad leeway (e.g., to ask the user for credentials or to call external services) without defining safe boundaries.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no installation of third-party code or archived downloads. That minimizes disk-write and supply-chain risk.
!
Credentials
No environment variables or credentials are declared even though the skill describes publishing to external platforms. Either the skill is only intended to produce content locally (in which case the publish claim is misleading) or it expects the agent or user to supply credentials at runtime (which raises risk if the skill asks for secrets in chat). The absence of declared required credentials is disproportionate to the described capability.
Persistence & Privilege
The skill does not request 'always: true' and has no install actions or requests for modifying agent-wide settings. It does reference other skills (e.g., 'Brand DNA skill') but does not claim to access other skills' configs or credentials.
What to consider before installing
This skill looks like a useful content template but contains a notable mismatch: it claims to publish to WordPress/Google platforms yet asks for no credentials or install actions. Before installing or using it, consider the following: (1) Assume the skill will only produce content — do not paste API keys, OAuth tokens, or passwords into chat. (2) If you want automated publishing, prefer tools or skills that use standard OAuth flows or documented application passwords and that explicitly declare the credentials they need. (3) Ask the publisher (or inspect SKILL.md) for exact publish steps: how authentication is handled, whether tokens are stored, and what scopes are required. (4) Test on a non-production/staging site and use least-privilege tokens (e.g., WordPress application passwords limited to publishing). (5) If the skill later asks you to paste credentials or run commands, treat that as high-risk and decline until you confirm safe handling and storage. If you need help drafting a safe workflow for publishing (manual export of markdown → use official clients/APIs), I can suggest one.

Like a lobster shell, security has layers — review code before you run it.

aeovk970w8wmvav96hrx72abk213ed81th19bloggingvk970w8wmvav96hrx72abk213ed81th19contentvk97dxhv0xkk77ns46ef8j5pqn581v2pccontent-writingvk970w8wmvav96hrx72abk213ed81th19latestvk970w8wmvav96hrx72abk213ed81th19marketingvk970w8wmvav96hrx72abk213ed81th19seovk970w8wmvav96hrx72abk213ed81th19social-mediavk97dxhv0xkk77ns46ef8j5pqn581v2pcwordpressvk970w8wmvav96hrx72abk213ed81th19

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments