Content Pilot
Pass. Audited by ClawScan on May 8, 2026.
Overview
This appears to be a content-generation skill, with no artifact-backed malicious behavior, but users should notice its optional third-party API key and external API/file-processing implications.
This skill is reasonable for marketing and content drafting. Before installing or using it, decide which third-party API/model provider will process your prompts or files, configure only the minimum necessary credentials, avoid sensitive PDFs or private business materials unless approved, and manually review generated public-facing content before publishing.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user supplies an API key, the skill or runtime may be able to use that provider account, quota, or billing depending on how the key is configured.
The skill discloses that third-party service API keys may be configured, but the registry metadata does not name specific required environment variables or scopes.
| API Key | Configure third-party service keys as needed |
Use only provider keys needed for the task, prefer restricted or low-privilege keys where available, and avoid pasting secrets directly into chat prompts.
Prompts, drafts, or uploaded source files such as PDFs could be exposed to the configured model/API provider depending on runtime behavior.
The skill describes API-dependent operation and file-based content generation, implying user-provided materials may be processed through unspecified external services.
- Requires a stable network connection (depends on API calls) ... content-pilot> Write an article based on this PDF [file]
Do not use confidential documents unless the provider and data handling policy are acceptable; review what files or text are supplied before invoking the skill.
