Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ghost-Writer Sync

v1.0.0

Pulls published blog posts from Substack and Ghost into an Obsidian or Logseq vault for AI-assisted repurposing.

by Peter Lum (@liverock)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's stated purpose (sync Substack/Ghost posts into a vault) aligns with its code, which fetches RSS and CMS posts and writes Markdown. However, SKILL.md repeatedly refers to a 'Ghost Content API key' while the code (_ghost_jwt_token and the API endpoint) constructs an Admin JWT and uses the /ghost/api/admin/ endpoint. Content API keys and Admin API keys are different; requiring an Admin-style key is more privileged than the documentation implies.
Instruction Scope
The SKILL.md instructions are bounded to fetching Substack RSS and Ghost posts, converting HTML to Markdown, and writing files to a user-specified vault/config. That scope matches the code. The skill will persist configuration (including supplied Ghost API key) to a local JSON config file, which means secrets you supply are stored on disk. The code appears to contact only the declared sources (Substack RSS and Ghost admin API) and writes local files; there are no additional network destinations described in SKILL.md.
Install Mechanism
No install spec — instruction-only with an included Python script. Nothing is downloaded from external URLs or installed automatically, which minimizes install-time risk.
Credentials
No environment variables are requested. The only credential flow is a Ghost API key passed as a command argument (and then stored in config). This is reasonable for a CMS sync tool, but the earlier mismatch (Content API vs Admin API) matters: asking for an Admin-style key is more privileged than a read-only Content API key and should be explicitly declared so users understand the sensitivity. Storing the key unencrypted in config is another data exposure concern.
Persistence & Privilege
The skill does not request permanent platform-wide privileges (always:false). Its persistence is limited to writing a local JSON config and Markdown files to whichever vault path the user provides, which is expected for this functionality.
What to consider before installing
Before installing, be aware of two main issues:

(1) The README/arguments claim you supply a 'Ghost Content API key', but the code builds an Admin JWT and calls the Ghost admin API. That requires an Admin-style secret (id:secret) and is more powerful than a read-only Content API key. Only provide an admin key if you trust the skill and understand the privileges you're granting.

(2) The skill will persist the provided Ghost key in a local JSON config file (unencrypted), so treat that file as sensitive: store it in a secure location, restrict filesystem permissions, or avoid storing keys at all by passing them at runtime.

Additional precautions: review the full sync.py yourself (or run it in a sandbox) to confirm there are no unexpected network destinations or behaviors, back up your vault before first run, and prefer using Substack (public RSS) or a documented read-only Content API flow if you need lower privilege.
