Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Content Ideas
v1.0.0
Generate content ideas from multiple sources. Aggregates trends from RSS feeds, Reddit, Hacker News, X/Twitter, and web search. Outputs actionable content id...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (content idea aggregation from RSS/Reddit/HN/X/web) matches the instructions to pull from those sources and produce idea outputs. However, the SKILL.md instructs the agent to call other local skill scripts (e.g., a node script under /root/clawd/skills/rss-reader) and to read/write local config files, which is more system-level access than a simple 'content idea' generator normally requires.
Instruction Scope
The instructions tell the agent to execute host-local commands (node /root/clawd/skills/rss-reader/scripts/rss.js add ...) and to load files (brand-voice/profile.json, content-ideas/config.json) and write scheduled outputs to content-ideas/... — these are explicit file I/O and modification operations outside a purely read-only aggregation flow. They also direct modification of another skill's configuration (rss-reader). The SKILL.md gives broad discretion to 'check configured sources' and 'search for trending topics', which could lead to use of platform credentials or scraping without explicit constraints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be downloaded or written at install time by the registry. The runtime instructions are where the risk appears (commands the agent may be told to run), not an installer.
Credentials
The skill declares no required env vars or credentials, which is consistent with its manifest. However, the SKILL.md expects access to external services (Twitter/X, possibly authenticated APIs for engagement metrics) via other skills (bird, x-twitter, web_search). Those integrations typically require API keys or tokens — the skill does not describe where credentials come from. Also, it instructs reading/writing local files (brand-voice/profile.json) without specifying path security or permission expectations.
Persistence & Privilege
The instructions explicitly direct the agent to write config and output files under content-ideas/ and recommend scheduling cron jobs to run generation tasks. More importantly, they show commands that modify another skill's configuration (rss-reader) by calling scripts under /root/clawd/skills/rss-reader — that constitutes modifying other skills' data/config and is a privilege escalation beyond touching only its own files.
What to consider before installing
This skill could do what it says, but review before enabling:
1) The SKILL.md tells the agent to execute a node script at /root/clawd/skills/rss-reader/scripts/rss.js which modifies another skill's feeds — verify that path and script exist and inspect its contents; do not allow arbitrary modification of other skills without review.
2) Confirm where credentials for X/Twitter or other APIs will come from; the manifest lists none, so the skill will rely on other installed skills or attempt unauthenticated scraping.
3) Check and sandbox any cron tasks and the read/write locations (content-ideas/, brand-voice/profile.json) to ensure they don't expose sensitive data.
4) Prefer use of official integrations (the rss-reader or x-twitter skills) through documented APIs rather than absolute host paths.
If you want to proceed: inspect the rss.js script, ensure permissions are limited, run the skill in an isolated environment, and require explicit consent before it modifies other skills or system files.
Like a lobster shell, security has layers — review code before you run it.
