Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Industry News Expert and Xiaohongshu Content Creation
v1.0.0
AI industry news expert + Xiaohongshu content creation. Retrieves the latest AI news from the past 24 hours and generates Xiaohongshu copy plus a 3:4 HTML cover. Use cases: (1) daily AI news roundups, (2) Xiaohongshu image-and-text note creation, (3) collecting news on large-model releases, funding, technical breakthroughs, etc.
⭐ 0 · 64 · 0 current · 0 all-time
by AGICaptain @javastarboy
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match what the files implement: retrieve recent AI news (via OpenClaw/web_search), summarize, produce Xiaohongshu copy and a 3:4 HTML cover. The required resources (no external credentials, no system paths) align with the stated purpose.
Instruction Scope
SKILL.md clearly documents the runtime flow and correctly requires OpenClaw's web_search to provide news JSON to the bundled Node scripts. However, the provided scripts call child_process.execSync with the JSON string embedded into a shell command (e.g., execSync(`node ... --news-json '${jsonStr}'`)), which can permit shell/command injection if any field in news data contains malicious quoting or shell metacharacters. The scripts also read/write local files under the skill directory and open the generated HTML — that is expected for this purpose but increases the impact if inputs are malicious.
Install Mechanism
No install spec or remote downloads; this is an instruction-only skill with bundled scripts. No external packages are pulled at install time. Risk from install mechanism is low.
Credentials
The skill requests no environment variables, credentials, or config paths. All data access is local to the skill directory and the scripts expect JSON input from the OpenClaw main flow — the scope of environment/credential access is minimal and proportionate.
Persistence & Privilege
always:false and no indication the skill alters other skills or system-wide settings. It writes outputs to its own output/DATE directory (expected for content generation) and does not request persistent elevated privileges.
What to consider before installing
This skill appears to do what it says (generate Xiaohongshu copy + HTML from recent AI news). However, the bundled Node scripts construct shell commands that embed JSON news data into a single execSync shell string. If the news data originates from untrusted sources or contains quotes/metacharacters, that could enable command injection. Before running in a production/privileged environment: (1) review the scripts (create-xiaohongshu-content.js and run-full-flow.js); (2) prefer passing the news JSON via a temporary file or via stdin/argv (avoid embedding into a shell-interpolated string), or use child_process.spawn with argv arrays; (3) run the skill in an isolated session or container until you harden it; (4) verify that OpenClaw-provided web_search results are sanitized/escaped; (5) consider modifying the scripts to write JSON to a temp file and call node with a filepath argument to eliminate shell quoting risks. If you can't inspect or modify the code, treat the skill as untrusted and avoid running it on systems with sensitive data or elevated privileges.
scripts/create-xiaohongshu-content.js:510
Shell command execution detected (child_process).
scripts/run-full-flow.js:102
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.