ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Content Repurposer

v1.0.0

Repurpose any blog post or article into multiple social media formats. Input a URL or text, get X/Twitter thread, LinkedIn post, Instagram caption, email sni...

1· 486·0 current·0 all-time
by@mariusfit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (multi-platform repurposing) match the included code and SKILL.md. The script fetches article HTML (when URL mode is used), extracts body/title, and generates platform-specific outputs—these are expected capabilities. The SKILL.md mention of beautifulsoup4 is consistent with the script's runtime dependency.
Instruction Scope
Runtime instructions are narrowly scoped to reading a URL, file, or stdin and producing social-media content. The SKILL.md does not ask the agent to read unrelated files, environment variables, or transmit data to endpoints other than the target article URL. The included code follows the same scope (HTML fetch + local text processing + local output).
Install Mechanism
No install spec is present and the SKILL.md suggests only installing beautifulsoup4 for URL extraction. There are no downloads from untrusted URLs or archive extraction steps in the package metadata. The code is bundled with the skill, so nothing is fetched during install.
Credentials
The skill does not request environment variables, credentials, or config paths. It operates without secrets and only uses network access to fetch the user-provided article URL, which is proportional to the stated purpose.
Persistence & Privilege
always is false and no special privileges or persistent modifications are requested. The skill does not modify other skills or system-wide agent settings in the visible files.
Assessment
This skill appears coherent and implements exactly what it says: fetching an article (only when you supply a URL), extracting text, and building platform-specific posts. Before installing or running: (1) inspect scripts/repurpose.py yourself (it is bundled and readable); (2) be aware the script will perform an HTTP GET to any URL you provide—avoid pointing it at internal or private endpoints; (3) install and run in an isolated environment if you are unsure (virtualenv/container); (4) note that generated content may reproduce copyrighted text from the source—review before posting; and (5) the agent can invoke the skill normally (default), so if you want to prevent autonomous runs, disable/limit skill invocation in your agent settings.

Like a lobster shell, security has layers — review code before you run it.

automationvk971d0d11c47hzbcqwc96hvmf581p7ffcontentvk971d0d11c47hzbcqwc96hvmf581p7fflatestvk971d0d11c47hzbcqwc96hvmf581p7ffmarketingvk971d0d11c47hzbcqwc96hvmf581p7ffsocial-mediavk971d0d11c47hzbcqwc96hvmf581p7ff

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments