Content Scorer
v1.0.2Score marketing copy for resonance, hook strength, NLP technique usage, and conversion readiness. Returns a 0-100 Content Resonance Score with per-dimension...
⭐ 1· 77·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (marketing copy scoring) match the observed behavior: python3 script that scores and rewrites copy and optionally calls Anthropic. Requiring ANTHROPIC_API_KEY and installing the 'anthropic' package is proportionate for the premium (Claude Haiku) backend. python3 as an anyBin is sensible.
Instruction Scope
SKILL.md describes local-only modes (demo, compliance-only) and an Anthropic premium path. The code implements local backend and an Anthropic fallback and performs only copy scoring, compliance checking, and LLM calls. Minor mismatch: an included QA report notes that --demo and --version flags were missing from the argparse implementation; that is an implementation bug/documentation mismatch but not evidence of exfiltration or scope creep.
Install Mechanism
Install spec pulls the 'anthropic' package (PyPI) which matches the declared primaryEnv. This is a typical dependency for using Claude via the official client. No downloads from unknown personal servers or archive extraction are present in manifests.
Credentials
Only ANTHROPIC_API_KEY is required as a primary credential, which is appropriate for the described premium functionality. The code also reads LLM_BACKEND from env to choose local vs remote; no unrelated secrets or platform credentials are requested.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide configs. It uses normal agent invocation (disable-model-invocation is default false), which is expected behavior for a skill of this type.
Scan Findings in Context
[qa_missing_demo_flag] unexpected: The included qa-skill.md (QA report) states --demo is documented in SKILL.md but missing from argparse; this is a functional/documentation bug (not a malware indicator).
[qa_missing_version_flag] unexpected: QA report also flags that --version isn't implemented despite being in usage docs. Again, an implementation mismatch rather than malicious behavior.
[compliance_substring_bug] unexpected: QA described an earlier substring-matching bug for the compliance checker. The version of score_content.py included here appears to use word-boundary regex (re.search with re.escape), indicating the bug was fixed; still, this was a correctness issue, not exfiltration.
Assessment
This skill appears to do what it says: local compliance checks and optional premium scoring using Anthropic Claude. Before installing, consider: (1) If you care about privacy, understand that any copy you send via the premium path will go to Anthropic — use the local backend (LLM_BACKEND=local) for local-only processing. (2) Review the code (score_content.py) yourself if you plan to send sensitive text; the script directly sends provided copy to an LLM. (3) The SKILL.md and code have small mismatches (demo/version flags); expect minor bugs and test demo/compliance modes locally before integrating into pipelines. (4) The installer will fetch the 'anthropic' Python package from PyPI — ensure that aligns with your dependency policies. If you want higher assurance, ask the author for a signed release or run the script in a sandboxed environment and check network traffic to confirm where data is sent.Like a lobster shell, security has layers — review code before you run it.
latestvk973hhwtqncs2gp20qh7sew09983s84w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎯 Clawdis
Any binpython3
EnvANTHROPIC_API_KEY
Primary envANTHROPIC_API_KEY
Install
uv
uv tool install anthropic