content-pipeline
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: content-pipeline Version: 1.0.1 The skill orchestrates a content pipeline, which involves executing other skills and managing local event files. While the core functionality aligns with its stated purpose, the `--skip-review` option, explicitly labeled as 'risky' in SKILL.md, allows the entire content generation and publishing workflow to proceed without human approval. This capability, even if optional, represents a significant security risk as it bypasses a critical control point, potentially enabling the automated publication of malicious or inappropriate content if upstream skills or content generation phases are compromised or subject to prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generated content could be posted publicly before a human verifies the final images, caption, target account, or collaboration tag.
The documented automatic path can proceed from content generation to social publishing, and the skip-review option explicitly removes approvals for a high-impact public action.
`--auto` — Auto-execute all stages ... `--skip-review` — Proceed without approval at each stage (risky) ... Execute social-publisher with images + caption
Require an explicit final confirmation before any publish action, make review mode the default, and clearly show the destination account, caption, media, and tags before posting.
A connected social account could be used in ways the user did not clearly authorize or review.
The artifacts describe posting to social accounts but do not declare or scope the credentials, account authority, or permissions needed for that action.
Primary credential: none; Required env vars: none ... Publish to Instagram/SNS ... Auto-publish to Instagram (tag collaboration account)
Declare the required social-publishing credentials, restrict them to the intended account and posting scope, and require user approval before using them.
Risk depends partly on other skills, especially the one that publishes to social media.
The skill delegates to multiple other skills/tools that are not included in this artifact set; this is expected for a meta-skill, but the safety of the workflow depends on those dependencies.
1. seo-content-planner ... 2. copywriting ... 3. cardnews ... 4. social-publisher ... 5. Performance tracking
Review and approve each dependent skill separately before enabling the full pipeline.
Old or tampered event files could cause the pipeline to publish or report on the wrong content.
The workflow reuses persisted event files as inputs for later stages, so stale or modified files could influence drafts, designs, publishing, or reports.
Each stage automatically reads previous stage results from `events/` directory
Review event files before reuse, keep the events directory scoped to this workflow, and clear or validate stale files before publishing.