v1.3.0

jeffli-content-factory

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:52 AM.

Analysis

The skill’s writing workflow is coherent, but it asks the agent to handle and even print API keys, run an unreviewed external helper script, and optionally publish to a WeChat account.

Guidance: Review this skill carefully before installing. It may be useful for WeChat article production, but remove or modify the API-key printing commands, verify any external helper script before allowing execution, and only enable WeChat publishing after you are comfortable with the credentials, draft/review process, and public-posting impact.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Web Search: Always use smart_search.py via exec FIRST ... python3 /root/.openclaw/workspace/scripts/smart_search.py "test" --max-results 1

The skill mandates executing an absolute-path helper script outside the packaged file manifest. That helper’s provenance and behavior are not represented in the supplied artifacts.

User impact: The agent may run local code that was not packaged with or reviewed as part of the skill, using the user’s environment and credentials.
Recommendation: Package and review the helper script, declare it as a dependency, or use a reviewed built-in search integration instead of mandatory execution of an external workspace file.
Tool Misuse and Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
scripts/WECHAT_COVER_UPDATE.md
3. Publish to the WeChat Official Account (including the cover image)
   python scripts/wechat_publish.py \
     --html "output/YYYY-MM-DD-article-slug.html" \
     --cover "output/YYYY-MM-DD-article-slug-cover.png"

The workflow includes publishing to a WeChat Official Account, which is a public/account-mutating action. The cited docs do not show a separate final approval, draft-only mode, or rollback guidance before publishing.

User impact: If configured with WeChat credentials, the skill can post AI-generated content and images to a public official account, creating reputational or operational impact.
Recommendation: Require explicit user confirmation immediately before any WeChat upload or publish action, prefer draft-only defaults, and document how to review or cancel before publication.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
python3 -c "import json; print(json.load(open('/root/.openclaw/credentials/tavily.json'))['api_key'])" && echo "Tavily: OK"

The skill tells the agent to open local credential files and print the raw API key as part of a tool check. Verifying a key exists should not expose the secret into terminal output, logs, or agent context.

User impact: Your Tavily or Brave API keys could be revealed to the agent transcript or logs during normal use.
Recommendation: Do not install as-is unless this check is removed or changed to a masked presence check; credentials should be declared, scoped, and never printed.
Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
CONFIGURATION.md
`GLM_API_KEY` | Zhipu AI API key ... `WECHAT_APP_ID` ... `WECHAT_APP_SECRET` ... APPSECRET = "a6800143c01df2e73121c631cac4ec32"

The docs describe required and optional provider/account credentials, including a concrete AppSecret-like value and legacy hardcoded configuration, while the registry metadata declares no env vars or primary credential.

User impact: Users may not realize the skill needs sensitive provider and WeChat account credentials, and real-looking credential examples increase leakage or misuse risk.
Recommendation: Declare all required/optional credentials in metadata, remove real-looking secrets from examples, avoid hardcoded fallbacks, and use placeholder values that are clearly nonfunctional.