Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Content Factory 内容工厂
v1.0.0Create complete WeChat Official Account viral articles from a user-provided title by researching high-view YouTube videos, confirming topic/outline with user...
⭐ 0· 74·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's purpose (generate WeChat viral articles from YouTube research) is consistent with many included scripts (yt_dlp_*.py, generate_cover_photo.py, wechat_publish.py). However the registry metadata declares no required env vars or binaries, while SKILL.md and the code require yt-dlp and a GLM API key and optionally WECHAT_APP_ID/WECHAT_APP_SECRET. That mismatch (declaring no credentials but shipping scripts that need them) is incoherent and should be explained by the author.
Instruction Scope
SKILL.md explicitly instructs running local scripts (yt_dlp_search.py, yt_dlp_captions.py), checking for yt-dlp, reading local scripts, and using WebFetch as fallback. The workflow also covers generating cover images (calls GLM-Image API) and publishing to WeChat. These instructions involve reading local .env files and running network requests to external services (YouTube via yt-dlp, open.bigmodel.cn for images, api.weixin.qq.com for publishing). The instructions therefore ask the agent to access local files and secrets and to transmit data externally — all expected for the stated purpose but not declared in metadata.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded at install time. However the package includes multiple runnable Python scripts that will be executed by the agent if followed. No third-party binary downloads are embedded, which lowers supply-chain risk, but executing included scripts still performs network I/O and file writes—so runtime behavior matters.
Credentials
Although the registry lists no required env vars, documentation and scripts clearly require a GLM_API_KEY (required for image generation) and optionally WECHAT_APP_ID and WECHAT_APP_SECRET (for auto-publishing). The package instructs storing secrets in a .env file; check_env.py loads .env and will surface missing keys. More concerning: create_default_cover.py contains apparent hard-coded APPID/APPSECRET values and the script writes a wechat_config.py back into the repo (including APPID/APPSECRET and media_id). Requiring or embedding account credentials is sensitive and should have been declared up front.
Persistence & Privilege
The skill does not request always:true and does not modify other skills, but several scripts persist data into the skill directory: generate_cover_photo downloads images to output/, create_default_cover.py uploads a cover then writes wechat_config.py with credentials/media_id. That is within the skill's own scope but means running the skill will create files, store tokens/IDs locally, and may persist credentials if used—review file writes and sanitize before running.
What to consider before installing
Key things to check before installing or running this skill:
1) Metadata mismatch: The registry claims no env vars/binaries required, but the skill requires yt-dlp (or equivalent), a GLM API key (GLM_API_KEY) for cover generation, and optionally WeChat credentials (WECHAT_APP_ID, WECHAT_APP_SECRET) to auto-publish. Ask the publisher why those were not declared.
2) Sensitive credentials: Inspect .env.example and any committed files for hardcoded or example credentials. Notably, create_default_cover.py contains APPID/APPSECRET values and will write them into wechat_config.py after uploading — remove or replace hardcoded credentials and do not publish them. Only provide your WeChat credentials if you trust the code and the publisher.
3) Network behavior: The scripts will call open.bigmodel.cn (image generation), api.weixin.qq.com (upload/publish), and run yt-dlp (downloads from YouTube). If you only want drafts, avoid running the publish/upload scripts or run in a network-restricted sandbox.
4) Local execution risk: There is no install sandbox; the package includes runnable Python scripts. Run check_env.py first to see what the skill expects. Consider running everything in a disposable VM or container and inspect outputs before giving real credentials.
5) Ask the author / request changes: a) update registry metadata to list required binaries and env vars; b) remove hardcoded credentials from scripts; c) document exactly what network endpoints are contacted and when; d) add explicit user consent steps before any publishing/uploading to external services.
If you decide to proceed, test with dummy API keys and sandbox accounts, and rotate any real keys after initial testing.Like a lobster shell, security has layers — review code before you run it.
latestvk97epbs874m9fw58esgjca2g6s839tf6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.