ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Social Content

v1.0.0

When the user wants help creating, scheduling, or optimizing social media content for LinkedIn, Twitter/X, Instagram, TikTok, Facebook, or other platforms. A...

0· 151·0 current·0 all-time
byMario Karras@mariokarras
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (social content creation, repurposing, scheduling) match the SKILL.md. The skill only requires reading optional local context files (.agents/product-marketing-context.md, .agents/brand-voice-guide.md) and includes platform/reference documents; nothing requested is unrelated to producing social content.
Instruction Scope
Runtime instructions ask the agent to read optional local context files (brand and product marketing context) which is reasonable for tailoring content. The reverse-engineering reference recommends scraping tools (Apify, PhantomBuster) and collecting large datasets — that implies potential external data collection steps which would require additional tooling, credentials, and legal/ToS consideration, but the SKILL.md itself does not perform those actions or request credentials.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes disk-write/remote-install risk.
Credentials
The skill declares no required environment variables, credentials, or config paths beyond optional local context files. That is proportionate for a content strategy assistant.
Persistence & Privilege
always is false and agent invocation is normal/default. The skill does not request permanent elevated privileges or modify other skills' configs.
Assessment
This skill is instruction-only and internally consistent with social media content work — it asks only for optional local context files and includes helpful templates and a reverse-engineering playbook. Before installing: 1) Check any .agents/ or .claude/ context files you store for sensitive secrets (API keys, tokens, or private data) because the skill will read those files if present. 2) If you plan to follow the reverse-engineering scraping advice, be aware that scraping tools listed (Apify, PhantomBuster, etc.) may require separate accounts, API keys, and could violate platform terms of service; those actions are not automated by this skill and would be an extra step. 3) Because the skill can be invoked autonomously (the platform default), ensure you only store non-sensitive context in the referenced local files. Overall risk is low, but avoid putting credentials or other secrets in the product-marketing- or brand-voice files.

Like a lobster shell, security has layers — review code before you run it.

latestvk973kwy9kzpx2v4sphrk900axx8354y6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments