ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

log-polish-enus-images

v1.0.0

Polish a technical blog draft into an 1000–1200 word, 4-5 section en-US article, preserve technical terms/code, and generate consistent hero + per-section im...

0· 56·0 current·0 all-time
byJeff Yang@j3ffyang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (polish blog + generate image prompts) matches the runtime instructions: it reads a markdown draft, restructures/polishes content, emits a polished file, and produces hero/section image prompts. Minor mismatch: the SKILL.md uses jq for JSON construction but the registry metadata lists no required binaries.
Instruction Scope
Instructions operate on a user-provided draftPath (defaulting to ~/.openclaw/workspace/contentDraft/latestDraft.md) and write outputs to an outputDir; they do not call external APIs or transmit data off-host, and they only operate on the specified files. This scope aligns with the declared purpose.
Install Mechanism
No install spec (instruction-only), which is low risk. However, the workflow shell commands rely on utilities (notably jq) that are not declared in required binaries; if jq is absent the steps will fail. No downloads or archive extraction are present.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The file I/O targets are within the user's home workspace defaults, which is appropriate for this use case.
Persistence & Privilege
always is false and the skill does not request permanent system presence or modify other skills. It writes outputs only to its own outputDir; no elevated privileges or cross-skill config writes are requested.
Assessment
What to consider before installing: - This skill appears to do what it says: it reads a markdown draft, creates a polished markdown, and generates image prompts (it does not itself call image-generation APIs). - Verify jq is available on the agent/runtime (SKILL.md uses jq but no binaries are declared). If jq is not present the skill will fail; either install jq or update the skill to avoid it. - It will read any file path you give as draftPath (default is a workspace path under your home). Do not point it at sensitive files (password stores, keys, system files). - The skill writes polished files and PNG filenames into the outputDir; confirm that location is acceptable and has appropriate filesystem permissions. - If you need strict auditing, request the author add an explicit required-binaries list and/or remove shell-level JSON tooling so failures are visible before runtime.

Like a lobster shell, security has layers — review code before you run it.

latestvk973w3eb3aaz2bjzj65ppsxn8s83f6z2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments