Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Content Workflow Engine
v1.0.1
Automate content creation, management, and distribution workflows. Use when: (1) Creating content pipelines for blogs, social media, or newsletters, (2) Sche...
⭐ 0· 114·1 current·1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill's name, README, and SKILL.md align with a content workflow engine and the included scripts support that purpose. However, the package includes integration points for many external services (WordPress, Twitter, LinkedIn, Mailchimp, S3, SendGrid, Google Analytics, Slack webhooks, etc.) and an example config that contains numerous API keys and secrets. The skill metadata declares no required environment variables or primary credential, which is inconsistent with the clear need for multiple external credentials when actually running workflows.
Instruction Scope
SKILL.md instructs the agent/user to copy api_config.example.json to api_config.json and populate API keys, then run multiple scripts (create_workflow.py, run_workflow.py, publish, schedule, test_connections.py, monitoring setup). Those runtime instructions cause the agent to read local config files containing secrets and to call external publishing/analytics/social APIs; that is expected for the functionality, but nothing scopes it. The instructions give broad discretion to integrate many external endpoints and do not explicitly restrict or validate destinations. Because some script contents were truncated in the scanned bundle, a full audit of the network endpoints the scripts actually call is still required.
Install Mechanism
There is no installer that downloads remote code; this is an instruction-and-script package included in the skill bundle. That reduces supply-chain risk compared to remote installs. The Node wrapper simply execs local Python scripts. No obscure external installers or URL downloads are present in the provided manifest.
Credentials
The included api_config.example.json enumerates many sensitive credentials (OpenAI, Anthropic, Cohere, WordPress application_password, Medium API key, Twitter keys, LinkedIn client secret or password, Mailchimp/SendGrid keys, S3 access_key/secret_key, encryption_key, Slack webhook, Plausible API key, etc.). Yet the skill metadata lists no required env vars or primary credential. This is disproportionate and inconsistent: the runtime clearly requires secrets for many third-party services, but the skill neither declares nor gates them, so the user may be surprised by what they are asked to provide and has no statement of how each credential is used or stored.
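The credential finding above (one example file holding every secret, with no declaration of which workflow needs which key) is the kind of gap a practitioner closes with a small loader before wiring up real keys. The following is an added example, not code from the ClawHub page or from the Content Workflow Engine skill: it declares, per publishing target, the credential keys that target needs; resolves each key from an environment variable first and the JSON file second; refuses to hand out credentials for targets the current workflow does not use; fails fast on a missing key or an unfilled placeholder; and redacts values for logging. The target names, key names, the CWE_ env-var prefix, the YOUR_ placeholder convention and the sample config are all assumptions made for illustration.

```python
"""Least-privilege credential loader for a multi-service workflow skill.

Added example; not code from the ClawHub page or the Content Workflow Engine
skill. Key names, env-var prefix and the sample config are assumptions.
"""
import json
import os

# Hypothetical mapping of workflow target -> credential keys it needs. The
# service families mirror the scan's list; the individual key names are assumed.
REQUIRED_KEYS = {
    "wordpress": ["wordpress.url", "wordpress.username",
                  "wordpress.application_password"],
    "twitter": ["twitter.api_key", "twitter.api_secret",
                "twitter.access_token", "twitter.access_token_secret"],
    "mailchimp": ["mailchimp.api_key", "mailchimp.list_id"],
    "s3": ["s3.bucket", "s3.access_key", "s3.secret_key"],
    "slack": ["slack.webhook_url"],
}
# Keys that are safe to log in full; everything else is treated as a secret.
PUBLIC_KEYS = {"wordpress.url", "wordpress.username", "mailchimp.list_id", "s3.bucket"}


class MissingCredential(Exception):
    """Raised when a required key is absent or still holds an example placeholder."""


def env_name(key):
    """'twitter.api_key' -> 'CWE_TWITTER_API_KEY' (prefix is an assumption)."""
    return "CWE_" + key.upper().replace(".", "_")


def _lookup(config, dotted_key):
    """Walk a nested dict by 'a.b.c'; None if any level is missing."""
    node = config
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def load_credentials(targets, config, environ=None):
    """Return {key: value} for exactly the keys the requested targets need.

    Environment variables win over the file. An unknown target raises ValueError;
    a missing key, or one still set to a YOUR_... placeholder, raises
    MissingCredential so a half-filled config never reaches a network call.
    """
    environ = os.environ if environ is None else environ
    resolved = {}
    for target in targets:
        if target not in REQUIRED_KEYS:
            raise ValueError(f"unknown target {target!r}; refusing to guess credentials")
        for key in REQUIRED_KEYS[target]:
            value = environ.get(env_name(key)) or _lookup(config, key)
            if not value or str(value).startswith("YOUR_"):
                raise MissingCredential(f"{key} not set (env {env_name(key)} or config file)")
            resolved[key] = value
    return resolved


def redact(creds):
    """Copy of creds that is safe to log: secrets reduced to a 4-char tail."""
    out = {}
    for key, value in creds.items():
        if key in PUBLIC_KEYS:
            out[key] = value
        else:
            text = str(value)
            out[key] = f"***{text[-4:]}" if len(text) >= 8 else "***"
    return out


# Constructed sample that mimics api_config.example.json; every value is fake.
SAMPLE_CONFIG = json.loads('''{
  "wordpress": {"url": "https://blog.example", "username": "editor",
                "application_password": "YOUR_WORDPRESS_APP_PASSWORD"},
  "slack": {"webhook_url": "https://hooks.slack.com/services/T000/B000/fakefakefake"},
  "s3": {"bucket": "content-assets", "access_key": "AKIAFAKEFAKEFAKE",
         "secret_key": "fakesecretfakesecretfakesecret"}
}''')

if __name__ == "__main__":
    # A Slack + S3 workflow gets only those four keys; the WordPress
    # password never leaves the file, and its placeholder is never accepted.
    print(redact(load_credentials(["slack", "s3"], SAMPLE_CONFIG, environ={})))
    try:
        load_credentials(["wordpress"], SAMPLE_CONFIG, environ={})
    except MissingCredential as exc:
        print("refused:", exc)
```

Running it with an empty environment prints the redacted Slack and S3 keys and then refuses the WordPress target because its password is still the placeholder; exporting CWE_WORDPRESS_APPLICATION_PASSWORD makes the same call succeed without touching the file.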
Persistence & Privilege
The skill does not request always:true and does not claim system-wide privileges. It runs local Python scripts and will write files (e.g., content storage directories, json outputs). That file-writing is expected behavior for a workflow engine and appears scoped to the skill's working directories. There is no evidence in the manifest that it modifies other skills or global agent configuration.
What to consider before installing
This package looks like a legitimate content automation toolkit, but it expects many API keys and will call external publishing/analytics/social endpoints. Before installing:
(1) Review the full contents of scripts/run_workflow.py, publish_*.py, schedule_*.py and any networking code to confirm which domains/endpoints are called and that there are no hardcoded unexpected remote hosts.
(2) Do not populate api_config.json with production keys until you audit the code; use test or least-privilege keys.
(3) Keep api_config.json out of version control and prefer environment variables where supported.
(4) Run the skill in an isolated/sandbox environment first to observe outbound network activity and files written.
(5) If you need to supply high-value credentials (AWS, production WordPress, Google Analytics, Mailchimp, Slack webhooks), ensure they are scoped and rotated after testing.
(6) If you want more confidence, provide the omitted/truncated Python files so they can be inspected for hidden endpoints, obfuscated code, or accidental data exfiltration.
Patterns worth reviewing
index.js:18: Shell command execution detected (child_process).
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
latest: vk978xrbq0k7y5gg70wv3qqa67s837a0e
Runtime requirements
Clawdis
Bins: curl, git, python3
