Automated Content Machine
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: automated-content-machine Version: 1.0.0 The `SKILL.md` file describes an 'Automated Content Machine' that instructs the AI agent to generate and automatically publish content to multiple external platforms, including Twitter/Threads, WordPress/Ghost, and newsletters via Ghost/Substack. While the stated purpose is legitimate, these instructions grant the agent broad capabilities for external network interaction and content publishing, which inherently carries a high risk. There is no explicit instruction for malicious actions like data exfiltration or installing backdoors, but the extensive publishing capabilities could be leveraged for harm if the agent is compromised or given overly permissive credentials, classifying it as suspicious due to the broad, high-risk operational scope.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could publish or schedule public content that affects your brand, audience, monetization, or accounts before you have clearly approved each item.
The skill directs automatic public publishing to third-party platforms. That is a high-impact account action, and the artifact does not define a mandatory per-post approval, preview, rollback, or scope limit.
全自動化內容創作同發布系統 ... 自動發布到WordPress/Ghost
Require explicit human approval before any post, newsletter, blog update, product promotion, or scheduled publication. Limit the platforms and accounts it can use.
You may not have a clear view of which accounts or publishing permissions the agent needs before using the skill.
The skill’s SKILL.md describes publishing through services such as WordPress, Ghost, Substack, Buffer/Hypefury, and Gumroad, but the registry metadata does not declare what account credentials or permission scopes would be needed.
Env var declarations: none; Primary credential: none
Use least-privilege API keys or platform roles, document the exact accounts and permissions, and avoid giving broad admin or billing access.
A single mistaken or inappropriate generated message could spread to social media, blogs, newsletters, and promotional channels.
The skill proposes recurring AI-generated output across several channels. Without containment or mandatory review, one bad topic, claim, affiliate link, or prompt error could be amplified across multiple public platforms.
每日生成1-3條高質量thread ... 每星期2-3篇長文 ... 每星期1封 ... 自動發布到多平台
Add channel-by-channel approval, content policy checks, disclosure checks for ads/affiliate links, and limits on automatic cross-posting.