Content Pilot
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user supplies an API key, the skill or runtime may be able to use that provider account, quota, or billing depending on how the key is configured.
The skill discloses that third-party service API keys may be configured, but the registry metadata does not name specific required environment variables or scopes.
| API Key | 按需配置第三方服务密钥 |
Use only provider keys needed for the task, prefer restricted or low-privilege keys where available, and avoid pasting secrets directly into chat prompts.
Prompts, drafts, or uploaded source files such as PDFs could be exposed to the configured model/API provider depending on runtime behavior.
The skill describes API-dependent operation and file-based content generation, implying user-provided materials may be processed through unspecified external services.
- 需要稳定网络连接(API调用依赖) ... content-pilot> 根据这个PDF写篇文章 [文件]
Do not use confidential documents unless the provider and data handling policy are acceptable; review what files or text are supplied before invoking the skill.