Back to skill
Skillv1.1.0
ClawScan security
Content Repurposer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 23, 2026, 3:48 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are coherent with its stated purpose (local content repurposing and simple local storage), but review local storage behavior and the platform's enforcement of read/write scope before installing.
- Guidance
- This skill appears to do what it says: generate multiple platform-ready text outputs and save them locally. Before installing, consider: (1) the skill will create and store files under ~/.openclaw/content-repurposer — do not paste secrets or private data you don't want stored locally; (2) confirm how the platform enforces the 'read' and 'write' tool permissions (are they limited to the skill directory or do they allow broader filesystem/network access?); (3) the example settings.json uses // comments which are invalid JSON — if the skill writes files automatically, check that files are valid and readable; (4) if you require encryption or auto-deletion of saved content, request those features or avoid saving sensitive material. If these points are acceptable, the skill is coherent with its purpose.
Review Dimensions
- Purpose & Capability
- okName/description (convert content into multiple social formats) matches the SKILL.md: no external APIs, no credentials, and only local read/write of a ~/.openclaw/content-repurposer directory. The requested capabilities (read/write) are appropriate for saving preferences, history, and outputs.
- Instruction Scope
- noteInstructions are focused on repurposing content and on creating/storing files under ~/.openclaw/content-repurposer. The SKILL.md repeatedly asserts "NO external API calls" which is consistent with the instructions, but that is a behavioral claim the platform cannot enforce from static instructions. Also note the example settings.json includes // comments (invalid JSON) — a minor inconsistency that could cause errors if copied verbatim. The skill will persist user-provided content locally (history.json/saved.json) — so users should not paste secrets or sensitive data unless they accept local storage.
- Install Mechanism
- okInstruction-only skill with no install steps and no third-party downloads. This is the lowest-risk install mechanism.
- Credentials
- okNo environment variables, no credentials, and no config paths beyond the skill's own directory. Required tool permissions are limited to read/write which align with saving and loading preferences/history.
- Persistence & Privilege
- notealways:false (not force-installed) and the skill only asks to create files under ~/.openclaw/content-repurposer. However the declared requirement of 'read' and 'write' tools could be broader depending on the platform's enforcement; confirm that those tools are sandboxed to the stated path. The skill will persist user content locally and update stats/history.