Skill v1.0.0
ClawScan security
AI内容变现助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 3:22 PM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requested resources, instructions, and included Python script are coherent with a local content-monetization assistant and do not ask for unrelated credentials or network access, though you should review/sandbox the shipped Python before running since the repository source is unknown.
- Guidance
- This skill appears internally consistent with its stated purpose and only runs a local Python tool. Before installing or running: (1) review the full monetization_tool.py yourself (search for network, subprocess, or os.system usage) because running arbitrary Python can do anything your account can do; (2) if you are unsure, run the script in a sandbox or isolated environment; (3) note it will create ~/.openclaw/workspace/monetization_reports to store outputs; and (4) be cautious because the skill has no published homepage or known author — trust the code only after inspection.
Review Dimensions
- Purpose & Capability
- ok: Name/description (content monetization) match the included materials: SKILL.md, README, and a local Python tool that evaluates content, recommends channels, computes pricing and predicts revenue. No unrelated cloud credentials, binaries, or config paths are requested.
- Instruction Scope
- ok: SKILL.md provides explicit, bounded runtime instructions (how to run analyses, which outputs to produce). It does not instruct reading unrelated system files, accessing environment secrets, or transmitting data to external endpoints. The README and SKILL.md indicate running the provided monetization_tool.py locally.
- Install Mechanism
- ok: No install spec is provided (instruction-only behavior plus a shipped Python script). Nothing is downloaded from external URLs or installed automatically, so there is no high-risk install mechanism in the package itself.
- Credentials
- ok: The skill declares no required environment variables, credentials, or config paths. The included script uses the user's home directory (~/.openclaw/workspace) for output, which is proportionate to producing local reports and consistent with the skill's purpose.
- Persistence & Privilege
- ok: The skill is not forced always-on and does not request system-wide privileges. It creates a workspace/output directory under the user's home for report files — a normal behavior for a local reporting tool.
