Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Copywriting Course Video
v1.0.0Copywriting Course Video is a specialized AI-powered video production skill built for copywriting courses, software development training programs, data scien...
⭐ 0· 45·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is named "Copywriting Course Video" but the description and target-audience list repeatedly emphasize software development bootcamps, data science, DevOps, cybersecurity, and many other technical training programs. That breadth doesn't match the narrow name; either the skill is misnamed or its scope is much broader than advertised. The declared requirements (no env vars, no binaries) are proportionate to a content-generation tool, but the naming/description mismatch is confusing and worth clarifying.
Instruction Scope
The SKILL.md provided is long marketing and use-case content; the excerpt shows planning and content guidance but was truncated and does not include the full runtime instructions. From the visible portion there is no instruction to read local files, access environment variables, or call external endpoints, but the absence of the rest of the file means we cannot verify whether the agent is told to upload media, call external video APIs, or read user files. Because the operational steps are missing, the runtime scope is uncertain.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That is the lowest-risk install model — nothing is written to disk by the skill package itself.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. For a content/video-production helper this is proportionate. If the skill later instructs the agent to call external video hosting or rendering services, those services would reasonably require credentials — but none are requested here.
Persistence & Privilege
always is false and there are no indications the skill requests permanent system presence or writes to other skills' configs. Autonomous invocation is allowed (default) — this is expected — but not combined with any other elevated privileges in the provided metadata.
What to consider before installing
This skill shows several red flags you should resolve before installing: 1) Name vs. description mismatch — ask the publisher which audiences and use-cases it actually targets (copywriting only, or broad tech bootcamps?). 2) Request the complete SKILL.md (the provided file was truncated) and review the runtime steps for any instructions to read local files, access environment variables, or call/upload to external endpoints (YouTube, S3, video-rendering APIs). 3) Confirm whether the skill will ever require API keys or upload tokens at runtime; if so, understand where those tokens are sent and stored. 4) Because the source and homepage are unknown, favor caution: test in a limited/sandbox environment and avoid granting credentials until you see explicit, justified usage. If the maintainer cannot explain the name/scope mismatch or provide full, clear runtime instructions, treat the package as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk975j9g9m8jv277jk283sgaqnd84fd4p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.