Content Pilot
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: lobster-content-pilot Version: 1.0.0 The skill bundle is a content generation tool for social media and marketing. The SKILL.md file contains repetitive sections and references to external writing styles (khazix-writer), but lacks any malicious instructions or prompt injection attempts. The shell scripts (test.sh, upgrade.sh) are simple diagnostic tools that only output text to the console without performing any sensitive operations.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user supplies an API key, the skill or runtime may be able to use that provider account, quota, or billing depending on how the key is configured.
The skill discloses that third-party service API keys may be configured, but the registry metadata does not name specific required environment variables or scopes.
| API Key | 按需配置第三方服务密钥 |
Use only provider keys needed for the task, prefer restricted or low-privilege keys where available, and avoid pasting secrets directly into chat prompts.
Prompts, drafts, or uploaded source files such as PDFs could be exposed to the configured model/API provider depending on runtime behavior.
The skill describes API-dependent operation and file-based content generation, implying user-provided materials may be processed through unspecified external services.
- 需要稳定网络连接(API调用依赖) ... content-pilot> 根据这个PDF写篇文章 [文件]
Do not use confidential documents unless the provider and data handling policy are acceptable; review what files or text are supplied before invoking the skill.