Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Personal Branding
v1.0.0Generate a complete personal brand system including optimized LinkedIn profile, multi-platform bios, content strategy, brand voice, and a 60-second brand vid...
⭐ 0· 33·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name, description, and SKILL.md consistently describe generating brand assets (LinkedIn rewrite, bios, content plan, 60s video). The listed tools (Apify for scraping, InVideo for video, Claude for writing) are coherent with that purpose. However, the registry metadata declares no required credentials or env vars while the SKILL.md clearly expects an apify_token and an invideo_api_key as inputs. That registry omission is an inconsistency.
Instruction Scope
Runtime instructions explicitly instruct scraping multiple third‑party sites (LinkedIn, Twitter/X, Google, Reddit) via Apify and calling InVideo for video production. The instructions therefore will collect public/social data and transmit it to external services. The SKILL.md does not describe how scraped data is stored, retained, or protected, nor does it mention compliance/TOS considerations for LinkedIn scraping. The instructions do not reference reading unrelated local files or other system credentials, which is good, but the external scraping and data transmission is a notable scope consideration.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by the skill bundle itself. That minimizes file/install risk.
Credentials
The SKILL.md requires apify_token and invideo_api_key (present in the example input JSON) but the registry lists no required environment variables or primary credential. Additionally, the skill references Claude AI but does not specify how/where that credential is supplied. Requesting API keys for Apify and InVideo is proportionate to the described functionality, but the mismatch between declared and required credentials and the lack of detail about how keys are stored/used is a red flag.
Persistence & Privilege
The skill is not marked always:true, has no install steps, and does not request persistent system presence. It does instruct use of external services but does not request elevated platform privileges or modify other skills' configs.
What to consider before installing
Before installing or using this skill:
- Don't paste permanent or high‑privilege API keys until you confirm how they're used and stored. The SKILL.md expects an apify_token and an invideo_api_key but the registry metadata omitted those requirements — ask the author to declare them explicitly and explain storage/retention.
- Understand that the skill scrapes third‑party sites (LinkedIn, Twitter/X, Google, Reddit). Scraping LinkedIn can violate their terms and may return private or copyrighted content; ask how the skill handles rate limits, legal/TOS concerns, and deleted/PII content.
- Confirm where scraped and generated data is sent and stored (Apify, InVideo, Claude, or other endpoints). If you must provide credentials, prefer scoped, revocable tokens and review logs/consent or test with throwaway accounts.
- Ask for clarification on Claude usage (which Claude endpoint/account) and whether the platform will keep or share outputs.
- If you are uncomfortable sharing API keys, request a version that accepts user-provided exports (e.g., you run scrapers yourself and upload a dataset) or perform the scraping separately and feed only sanitized inputs to the skill.
Given the credential/metadata mismatch and external data flows, treat this skill as potentially useful but verify the above details and the author's trustworthiness before supplying credentials or sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk9723vjprwy59yxrn5v46vw0k9841mkj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.