Content Repurposer Pro
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private drafts, internal articles, or pasted content may leave your environment and be processed by OpenAI or Anthropic.
The script sends generated prompts to external LLM provider APIs. Those prompts include the user-provided URL/file/stdin content being repurposed.
httpPost('https://api.openai.com/v1/chat/completions' ...); ... httpPost('https://api.anthropic.com/v1/messages' ...)Only process content you are allowed to send to those providers, or modify the script to use an approved local or enterprise model.
If you run it with an API key, requests may bill or count against that provider account.
The script uses provider API keys from the environment. This is expected for LLM generation, but it is not reflected in the registry's declared credentials or required env vars.
const openaiKey = process.env.OPENAI_API_KEY; const anthropicKey = process.env.ANTHROPIC_API_KEY;
Use a scoped/project API key where possible, monitor usage, and treat the missing metadata declaration as an installation documentation issue.
A malicious or noisy source article could cause the generated posts to include unwanted wording, links, or calls to action.
The source content is placed directly into the LLM prompt. If that content contains prompt-injection-style instructions, it could influence the generated drafts.
`Repurpose the following content:\n\n${content}`Review generated content before posting or emailing it, especially when the source is a third-party URL.