Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Social Content Pillars
v1.0.0
Content pillar strategy builder for brands and creators. Define 5 core content pillars, generate 50+ post ideas, and build a repeatable content system that b...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to build content pillars and contains a Bash script that assembles a prompt and runs a local agent to generate content — this is coherent. However, the skill metadata declares no required binaries while the script requires 'openclaw' and 'python3' on PATH; that omission is a mismatch between claimed dependencies and actual needs.
Instruction Scope
SKILL.md and the script stay within the stated purpose: they build a content strategy from the provided brand/creator description. The script does not reference unrelated filesystem paths, environment variables, or external endpoints beyond invoking the local 'openclaw agent'.
Install Mechanism
There is no install spec (instruction-only + a small script), so nothing is downloaded or extracted. Risk is limited to running the provided script, which is small and readable.
Credentials
The skill declares no required environment variables or credentials, and the script does not read env vars. However, it relies on external tools ('openclaw' and 'python3') that are not declared in the registry metadata — this can be surprising and may cause unexpected local tool invocation.
Persistence & Privilege
always is false and the script does not modify system-wide or other-skill configurations. The skill does invoke the local agent at runtime, but that is within normal agent behavior and not flagged here.
What to consider before installing
This skill appears to do what it says (generate content pillars), but review the included script before running. The script calls a local 'openclaw agent' and 'python3' to generate and parse results — those binaries must be present and will be executed. If you don't already have or trust the 'openclaw' binary on your system, do not run the script. Verify there are no hidden network endpoints in your local 'openclaw' installation, avoid pasting secrets into the input prompt, and ask the publisher to update the metadata to list required binaries (openclaw, python3) so dependency expectations are clear. If you want extra assurance, run the script in a sandbox or inspect the behavior of your 'openclaw' binary separately before use.
Like a lobster shell, security has layers — review code before you run it.
latestvk9760ba98ykbyq67vfknr3efhx83f794
