ClawHub

Content Creator

v1.0.0

Orchestrates humanizer, de-ai-ify, copywriting, and tweet-writer to create authentic, persuasive, platform-tailored content with clear engagement and factual...

0· 721·0 current·0 all-time
byHagen Hoferichter@h4gen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill is a meta-orchestrator that coordinates four writing/editing sub-skills. Requiring node and npx is coherent because the SKILL.md explicitly instructs using npx to install those upstream skills. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md stays on-topic: it collects user inputs, prescribes a five-stage editing pipeline, and invokes named upstream skills. It does not ask to read local files, system config, or any unrelated environment variables. However, the instructions do require running network install commands (npx clawhub@latest ...) which will fetch and execute remote code.
Install Mechanism
There is no formal install spec in the package, but the runtime instructions tell the operator to run npx -y clawhub@latest install <skill> and npx update --all. npx performs on-demand network fetch and executes code from the npm/registry namespace (clawhub and the listed skills). This is a common mechanism but carries moderate risk: remote code execution and supply-chain changes if the remote package changes. Consider pinning versions and auditing the clawhub and upstream skill packages before running them.
Credentials
The skill declares no required environment variables or credentials, which matches its content-creation purpose. Note: the upstream skills it installs could themselves request credentials or env vars; the SKILL.md notes an optional analyzer (ai-humanizer) — check those upstream manifests for any additional secrets.
Persistence & Privilege
No elevated persistence requested: always is false, disable-model-invocation is false (normal), and there are no config paths or system-wide modifications declared. The skill does instruct installing other skills locally, but that is not the same as requesting persistent platform privileges.
Assessment
This skill appears coherent for orchestrating writing-editing sub-skills, but it relies on running npx commands that will fetch and execute remote packages (clawhub and the listed skills). Before installing or running: 1) Inspect and pin the versions of clawhub and each upstream skill (avoid always using @latest). 2) Review the upstream skills' manifests/readmes for any requested env vars or network endpoints. 3) If possible, run installations in an isolated environment (container or VM) rather than on a sensitive host. 4) Verify the reputation/source of the clawhub package and the listed upstream skills (owner, package contents). These steps reduce supply-chain risk from remote install/update commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f8acr8687944rty7ry17s7x8157aw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

writing_hand Clawdis
Binsnode, npx

Comments