Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

blog-polish-enus-images

v1.0.1

Polish a technical blog draft into a 1000–1200 word, 4-5 section en-US article, preserve technical terms/code, and generate consistent hero + per-section im...

by Jeff Yang (@j3ffyang)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's declared purpose is to polish a technical blog into a 1000–1200 word, 4–5 section article while preserving technical terms/code and generate hero + per-section images. The SKILL.md implementation only writes a simple placeholder polished markdown (static template text like 'Content polished and restructured...' and summary lines) and only builds text prompts and intended image file paths; it does not call any polishing engine/LLM or any image-generation API. That is a substantive mismatch between claimed capability and actual behavior (appears to be a stub/template rather than a working polisher).
Instruction Scope
Instructions read the draft markdown at a user-supplied path (default ~/.openclaw/workspace/contentDraft/latestDraft.md), count words/sections, and write outputs to an output directory (default ~/.openclaw/workspace/contentPolished). It does not transmit data externally or request credentials. This file I/O is expected for the purpose, but users should note the skill will read the specified file path and write files under the output directory. Also the polishing step is a placeholder and will not produce a real rewritten article as advertised.
Install Mechanism
No install spec (instruction-only), which is low risk. However, the workflow depends on command-line tools (jq, sed, grep, wc, tr, date, mkdir, cat, printf, seq), of which jq in particular is not universally available, and the skill declares no required binaries. The absence of declared dependencies may cause runtime failures or unexpected behavior.
Credentials
The skill declares no environment variables, no credentials, and no config paths. The instructions do not access other environment variables beyond typical shell variables and inputs. This is proportionate to the stated (file-based) functionality.
Persistence & Privilege
always is false and the skill is user-invocable. The skill writes files only under the resolved output directory and reads the specified draft file; it does not attempt to modify other skills, agent-wide settings, or request persistent privileges. No additional persistence privileges are requested.
What to consider before installing
This skill appears to be a template/stub rather than a functional blog polisher: it creates placeholder markdown and builds image prompts/file-names but does not actually rewrite the draft to 1000–1200 words or call any image API. Before installing or using it: (1) inspect SKILL.md yourself — it will read the draft file (default: ~/.openclaw/workspace/contentDraft/latestDraft.md) and write output files to the outputDir; (2) ensure jq and other CLI tools used by the script are available on the host, or the skill may fail; (3) do not rely on this skill for production publishing without verifying its output on sample drafts; (4) ask the author for clarification or a working implementation that actually performs polishing (calls an LLM or polishing routine) and/or image generation, and for a declared list of required binaries. If you only need prompts/filenames, this could be useful; if you need real rewriting and image generation, this skill as-is is not sufficient.

Like a lobster shell, security has layers — review code before you run it.

latestvk976cmr8tykqwjgs3t6e3dmdnd83e221
