ClawHub
Back to skill
v1.0.0

一键生成高互动文案视觉封面

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:15 AM.

Analysis

This skill is a coherent social-media copy and HTML cover generator with no evidence of malicious behavior, though users should notice its web-search, local file-output, and HTML-generation behavior.

GuidanceThis skill appears safe for its stated purpose: generating social-media copy and local HTML cover pages. Before installing, be aware that it asks the agent to search the web, writes files under its output directory, and includes a Python HTML generator. Verify any factual claims before publishing and only use trusted plain text in generated covers.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
SKILL.md
在创作文案前,**必须**通过联网搜索获取以下最新信息

The skill requires web search before generating content. This is disclosed and aligned with creating timely social-media posts, but it means external search results can influence the generated copy.

User impactThe generated content may depend on live web results, which can be inaccurate or manipulated.
RecommendationReview the cited facts and product claims before publishing, especially for version numbers, comparisons, or recent releases.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none; Required binaries ... none; Code file presence: scripts/generate-cover-html.py

The skill includes a local Python helper script, but registry metadata does not declare Python as a required binary and provides no source/homepage provenance. The script itself is included and simple, so this is a notice rather than a concern.

User impactUsers may not know the origin of the helper script or that Python is needed if they choose to use it.
RecommendationInspect the included script before use and ensure Python is available if using the documented helper command.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
scripts/generate-cover-html.py
<div class="text">{highlighted_text}</div> ... <div class="guide">{guide_text}</div>

The generator inserts supplied text into an HTML file without escaping. This is expected for an HTML cover generator, but untrusted text containing HTML or script could become active when the generated file is opened in a browser.

User impactIf malicious HTML is pasted into the text fields, it could run in the browser when the cover file is opened.
RecommendationUse plain text for copy and guide fields, avoid pasting raw HTML from untrusted sources, and consider escaping user-supplied text in the script.