Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
copywriting
v1.2.0When the user wants to write or optimize short-form marketing copy—headlines, CTAs, ad copy, landing page copy, email copy. Also use when the user mentions "...
⭐ 0· 173·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, and runtime instructions all focus on short-form marketing copy (headlines, CTAs, ads, landing pages, email). There are no unrelated env vars, binaries, or install steps requested, which aligns with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to 'Check for project context first' by reading .claude/project-context.md or .cursor/project-context.md and to read specific sections (Positioning, Value Proposition, Brand & Voice). Those file reads are concrete actions not surfaced in the skill's declared requirements. This is scope-related because it instructs access to workspace files that may contain sensitive or broad context and wasn't declared in the metadata.
Install Mechanism
No install spec and no code files are present, so nothing will be written or executed on disk by the skill itself. This is the lowest-risk installation model.
Credentials
The skill declares no environment variables or credentials (appropriate for copywriting). However, it also instructs reading specific project-context config files (undisclosed in metadata). That implicit requirement should be declared because those files can contain sensitive information; otherwise the metadata underreports what the skill will access.
Persistence & Privilege
always:false and default agent invocation settings are used. The skill does not request persistent presence or elevated platform privileges.
What to consider before installing
This skill looks like a straightforward copywriting guide, but its instructions tell the agent to open and read .claude/project-context.md or .cursor/project-context.md for context. The metadata does not declare those config paths. Before installing, ask the provider to either (1) explicitly declare those config paths in the skill metadata so you can review what will be accessed, or (2) remove the directive to auto-read project-context files. If those project-context files exist in your workspace, review their contents (they may contain sensitive positioning, product, or brand information) and consider storing sensitive secrets elsewhere. If you require higher assurance, request a version of the skill that prompts the user to paste or confirm context rather than automatically reading files. Additional information that would raise confidence to 'high': explicit declaration of the config paths in the metadata and a statement that the skill will only read those files (no other files), or an updated SKILL.md that requires explicit user consent before reading workspace files.Like a lobster shell, security has layers — review code before you run it.
latestvk97apza6vhvpkzndh8yy5sy48h83xrx1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.