Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Content Generator Pro
v1.0.1AI Content Generator Pro offers multi-model AI content creation for blogs, social media, SEO-optimized marketing, with tone control, scheduling, and integrat...
⭐ 0· 100·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill advertises multi-model integration, CMS and social posting, plagiarism checks and API integrations (OpenAI, Anthropic, xAI). The code is a prototype that currently simulates AI responses rather than performing real API calls, and the registry metadata declares no required environment variables or credentials even though SKILL.md and configs instruct users to configure API keys (openai.api_key, anthropic.api_key, etc.). Integration capabilities (auto-posting to WordPress/Shopify/social platforms) are described, but there is no declared or explicit handling of the external platform credentials in the metadata or config examples. This mismatch between claimed capabilities and declared requirements is a coherence concern.
Instruction Scope
SKILL.md instructs users to set API keys via openclaw config and to run the skill; the top-level code saves generated content to the user's current working directory (process.cwd()/content) and to an internal SQLite DB. The instructions also promise auto-posting and integrations, but the provided code is a simulated prototype and does not show implementation for posting to external services; this leaves open the possibility that later versions or setup scripts could request or use additional credentials or network endpoints not described in the metadata. The SKILL.md also includes installation commands and configuration steps that would cause a user to provide API keys without the skill declaring them as required in metadata.
Install Mechanism
There is no formal install specification (instruction-only in registry), but the package contains code, a package.json with npm dependencies, and shell scripts (scripts/setup.sh, scripts/test.sh). package.json exposes npm scripts that call these shell scripts. Because setup.sh content was not provided in the snippet, it should be inspected before running; setup scripts can execute arbitrary commands. Absence of an explicit install spec in the registry is lower risk by itself, but bundled scripts + exec permission raise the need for manual review.
Credentials
The skill's declared metadata lists no required env vars or primary credential, but SKILL.md and config files clearly expect API keys for OpenAI, Anthropic, and xAI. package.json lists broad 'openclaw' permissions including read, write, exec, web_search, web_fetch. The code writes files to the current working directory and a local SQLite DB inside the skill folder; writing into process.cwd() may surprise users and can overwrite or add files outside the skill. The permission and credential handling are disproportionate/unexplained relative to the registry metadata.
Persistence & Privilege
The skill is not marked always:true (good), but package.json requests broad OpenClaw permissions (read/write/exec/web_fetch/web_search). The skill writes persistent content to disk (content files and a SQLite DB). The combination of exec permission, bundled setup scripts, and I/O to the user's working directory increases the surface area and potential impact of malicious or buggy behavior. There's no explicit modification of other skills or system-wide configs in provided files, but the broad permissions are notable and should be justified.
What to consider before installing
Do not run setup or install scripts without inspection. Before installing or running this skill: 1) Open and review scripts/setup.sh, scripts/test.sh and any deploy script for network calls or harmful commands. 2) Inspect the rest of index.js (it was truncated) for child_process.exec usage, outbound network requests, hardcoded endpoints, or credential exfiltration. 3) Note that the registry metadata declares no required env vars but SKILL.md asks you to set API keys (openai.api_key, anthropic.api_key, xai.apiKey) — verify how and where keys are stored and that they are not logged or transmitted to unknown endpoints. 4) Confirm you trust the publisher (contact support@supposed vendor or verify homepage); the package contains differing price claims and marketing inconsistencies which reduce confidence. 5) Run in an isolated/sandbox environment (or container/VM) if you want to test functionality, and avoid running setup.sh on a production machine. 6) If you need CMS or social posting features, expect those to require additional OAuth tokens — the skill does not declare those upfront. If you want, paste the contents of scripts/setup.sh and the truncated portion of index.js and I can review them for suspicious behavior.index.js:278
Potential obfuscated payload detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk97bj2fymzfbw0rv01k4mbxtw18361f7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.