ClawHub

dropspace-content-engine

v1.0.1

Self-improving autonomous content pipeline. Analyzes post performance across 6 platforms, generates new content with AI (slideshows, tweets, linkedin posts,...

0· 48·0 current·0 all-time
by@jclvsh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (autonomous multi-platform content pipeline) align with the declared env vars (DROPSPACE_API_KEY for the Dropspace API, ANTHROPIC_API_KEY for LLM-assisted generation, FAL_KEY for visual/video generation) and the SKILL.md commands that call scripts to analyze, generate, and schedule content.
Instruction Scope
SKILL.md instructs cloning the repo, running npm install, running setup.js to provide API keys/platform selection, and executing node scripts that pull analytics and schedule posts via Dropspace. This stays within the described purpose. One notable point: the setup likely collects platform-specific credentials (for scheduling to third‑party platforms) but those platform tokens are not enumerated in requires.env; the SKILL.md also references an optional 'Bird CLI' run for X/Twitter research which would require separate credentials if used.
Install Mechanism
No formal install spec in the registry, but SKILL.md instructs 'git clone https://github.com/joshchoi4881/dropspace-agents && npm install'. Clone from GitHub is expected for a project-based skill, but npm install will execute code from the repo and its dependencies (including any postinstall scripts). It's standard but worth reviewing the repo and package.json before running in production.
Credentials
The three required env vars map to expected services (Dropspace, Anthropic, Fal). However, the setup likely requests additional platform credentials (social accounts, scheduler tokens) which are not listed in requires.env — you should expect the .env produced by setup to contain extra secrets. Ensure those are scoped appropriately and not reused elsewhere.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges in the registry metadata. It instructs creating/storing a .env file for keys (normal for app setup) and does not attempt to modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it claims, but take the usual precautions before running code that will post content and hold API keys: 1) Inspect the GitHub repo (particularly package.json, setup.js, and scripts/) for postinstall scripts or unexpected network actions before running npm install. 2) Run initial tests with limited-scope or test accounts (so posts won't go to your main social accounts). 3) Restrict and rotate API keys you provide (use short-lived or scoped credentials if possible). 4) Keep .env out of source control as recommended. 5) Be aware the setup may prompt for additional platform tokens (not listed in registry metadata) and optional tooling like the Bird CLI will need separate credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk976qh16xeczf04ks4veqqt7r183yaqz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
EnvDROPSPACE_API_KEY, ANTHROPIC_API_KEY, FAL_KEY

Comments