Skillv1.0.0

ClawScan security

Auto Content Ops · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 10, 2026, 1:39 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's methods and search instructions fit its description, but it claims 'automatic publishing' while requesting no publishing credentials and mandates broad automatic triggering — those mismatches merit caution before installing.
Guidance: Key things to consider before installing: - Automatic publishing mismatch: Ask the publisher/maintainer how '自动发布' is implemented — which platforms, what API endpoints, and what credentials are required. Do not provide account tokens until you confirm secure storage and limited scopes. - Trigger aggressiveness: The skill instructs itself to run whenever many keywords appear, including very simple user queries. If you prefer explicit invocation, restrict triggers or require user confirmation before the skill runs. - Data collection and privacy: The skill performs web searches and competitor monitoring; confirm what query data or generated content (including any user-provided product details) might be logged or sent to external services. - Content safety and policy risk: The methodology encourages emotional hooks, adversarial framing, and '设定敌人/否定性力量' tactics. Review whether that style aligns with your brand and platform policies to avoid moderation/penalty risk. - Testing: Try the skill in a sandbox account with no publishing credentials first. If you want automated posting, require an explicit, documented integration (OAuth/API token) and limited-scoped credentials. - If you proceed: request clarification from the author about publishing integrations and provide publishing credentials only after confirming where and how tokens are stored and used. If you cannot get clarification, treat the auto-publish claim as not implemented and prefer manual copy/paste publishing.

Review Dimensions

Purpose & Capability: concernThe skill is a content-production pipeline (hot-topic scraping → idea generation → product binding → publish). Most requirements align with that purpose (it uses web_search and a local methodology reference). However, it explicitly promises '自动发布' (automatic publishing) but declares no required environment variables, credentials, or config paths for posting to target platforms (抖音/小红书/微博/etc.). That is an incoherence: true automatic publishing typically needs account tokens or an integration mechanism.
Instruction Scope: concernSKILL.md instructs the agent to run wide web searches (hot lists, competitor monitoring, platform trends) and to always read references/methodology.md — which is present. It also instructs the skill to trigger whenever a long set of keywords appear and even for simple asks (e.g., '帮我写个短视频文案'), which is an aggressive trigger policy that gives the agent broad discretion. The instructions do not tell the agent to access user files or secrets, but the broad auto-trigger behaviour can cause unexpected activations and potentially excessive external querying.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files to execute at runtime; nothing is downloaded or written to disk. That minimizes install-time risk.
Credentials: noteThe skill declares no required environment variables or credentials. That is safe in one sense, but also inconsistent with the '自动发布' phase — if automatic posting is intended, it should list required platform credentials (API keys/tokens) or explain the publishing tool. As written, there is a gap between claimed capability and asked-for credentials.
Persistence & Privilege: notealways: false (good). The skill is allowed to be invoked autonomously (platform default). The problematic aspect is the SKILL.md's explicit instruction to trigger on a long list of keywords and to trigger even for minimal prompts — this is a behavioral privilege (frequent/autonomous activation) that could lead to surprising or noisy behavior unless the platform enforces explicit invocation limits or user consent before publishing.