Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Devlog

v1.0.0

Generate narrative blog posts from AI coding session transcripts. Reads session files, selects sessions relevant to a topic, and produces an agent-narrated blog post about the human-agent collaboration. Supports builder's log, tutorial, and technical deep-dive styles.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (generate blog posts from coding session transcripts) aligns with the provided scripts and examples: platform-specific list/read scripts, templates, and a publish script. However the registry metadata claims no required binaries/env vars while many included scripts declare or implicitly require python3 and a POSIX shell (bash). Publishing support expects platform credentials (e.g., HASHNODE_PAT) even though requires.env is empty — an inconsistency between declared requirements and actual runtime needs.
Instruction Scope
SKILL.md instructs the agent to discover and read session storage across multiple platform paths (e.g., ~/.local/share, ~/.gemini/tmp, ~/.config, ~/Library) and to run platform list/read scripts. That is coherent for the stated goal, but the discovery steps can scan broad areas of the user's home tree and read many app data files. The skill attempts to strip large tool outputs, but the runtime instructions also say to 'ask the user to provide values for the current session' when publishing — which may prompt users to paste secrets into chat. This credential-handling guidance is risky and under-specified (no secure ephemeral ingestion mechanism is described).
Install Mechanism
There is no install spec (instruction-only), which reduces install-time risk. But code files (shell scripts that exec python3) are included and intended to be executed at runtime. The absence of declared required binaries (metadata lists none) conflicts with the scripts' internal 'Requires: python3' comments and shebangs — the agent will need a shell + python3 available for these scripts to work.
Credentials
Declared requires.env is empty, yet the publishing flow references service credentials (e.g., HASHNODE_PAT, HASHNODE_PUBLICATION_ID) and the included publish.sh likely reads env vars or expects secrets. The skill instructs the agent to tell the user how to export env vars and to ask the user for values during the session — this encourages users to paste secrets into the chat/session. Requesting publishing credentials is proportionate to the publishing feature, but the lack of explicit declaration in the registry metadata and the guidance to input secrets in-session are concerning.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install step that writes system-wide configuration. It reads user files but does not request permanent elevated presence. Autonomous invocation is enabled by default but not combined with other high-risk factors here.
What to consider before installing
This skill does what it says — it scans local AI coding session stores and generates an agent-narrated devlog, and can optionally publish to services like Hashnode — but review a few things before using it:

- The package metadata claims 'no required binaries', but the included scripts require a POSIX shell and python3. Make sure python3/bash are available or expect the scripts to fail.
- The skill will scan application data directories (e.g., ~/.local/share/opencode, ~/.gemini/tmp, ~/.config, ~/Library). These scans are necessary to discover session transcripts, but they can reveal other local data. If you have sensitive files in these locations, inspect the scripts first or run the skill in a controlled environment.
- Publishing uses service credentials (e.g., HASHNODE_PAT). The SKILL.md instructs the agent to ask you for credentials if they're not set — do NOT paste secrets into the chat if you don't want them captured. Prefer exporting credentials into your shell environment (export HASHNODE_PAT=...) or using a secure secret injection mechanism rather than sending tokens in a message.
- Review the publish.sh and any network-calling code before invoking publishing: confirm which endpoints are used and whether data (including any cover image URLs) will be uploaded to third-party servers.
- The read-session scripts attempt to strip raw tool outputs, but transcripts themselves can contain secrets (API keys, tokens, file contents). Inspect a sample session output the skill proposes to include before publishing or uploading anywhere.

If you want to proceed: review the referenced platform scripts and publish script locally, ensure you run this in a trustable environment, and never paste long-lived secrets into an untrusted chat. If the skill author can update metadata to declare required binaries and list the publishing env vars up front (and remove the prompt-to-paste guidance), that would substantially reduce the current concerns.

Like a lobster shell, security has layers — review code before you run it.

