ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Content Creator Pro

v1.0.3

You have something to say but crafting platform-perfect posts for X, LinkedIn, Instagram, and TikTok is a full-time job. Content Creator Pro learns your bran...

0· 74·0 current·0 all-time
by@nollio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description (multi-platform content generation, brand voice learning, calendar exports) match the included files and instructions. It requests no environment variables or external credentials, keeps data in local JSON files, and does not require network access by default. The dashboard and DB schema are optional companion artifacts (for users who choose to build a hosted dashboard) and do not contradict the offline-first claim.
Instruction Scope
SKILL.md limits runtime activity to reading/writing files under the skill workspace (data/*.json, config/), running the provided export script, and optionally using web_fetch/web_search when the user explicitly asks to fetch a URL. It also includes an explicit prompt-injection defense telling the agent to treat external content as data-only. Minor concerns: examples and prose describe fetching external URLs and extracting content (which is expected behavior when the user asks) — make sure you only allow web fetches for explicit, safe https:// URLs. Also, SETUP-PROMPT uses a find command that scans $HOME for the skill package directory (intended to locate the skill copy) — this is not a secret exfiltration action but it may search the filesystem, so inspect the path it finds before copying.
Install Mechanism
There is no remote installer; the skill is instruction-only and uses local scripts. That is low risk. The provided export-calendar.sh is included as a local script and requires jq (documented). Note: export-calendar.sh contains a workspace-detection loop that will always reach '/' and then exit (appears to be a logic bug) — the script as packaged will likely immediately error instead of locating the skill directory; this is an implementation bug rather than malicious behavior.
Credentials
The skill declares zero required env vars, no credentials, and no config paths outside its workspace. All file permissions/chmod operations in SETUP-PROMPT are scoped to the skill workspace and intended to lock down data files (chmod 700/600). Nothing requests unrelated credentials or broad system access.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills or system-wide settings. Setup creates/locks files inside the skill folder only. Autonomous invocation is allowed by default (normal for skills) but not combined with broad privileges or credential access.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] expected: The pattern detector flagged 'ignore-previous-instructions' inside SKILL.md. In context this appears intentionally defensive: the SKILL.md includes an explicit prompt-injection defense telling the agent to treat external content as data-only and to ignore instruction-like text. This is expected and appropriate for a skill that ingests user-supplied content or fetched web pages.
Assessment
This skill appears to do what it says: local-first content generation with brand profiles saved as JSON. Before installing: 1) Inspect the files yourself (data files are plain JSON) and confirm you are comfortable keeping brand data locally. 2) If you plan to use web_fetch or paste URLs, only allow explicit https:// URLs you trust — the skill's doc enforces this but you should still supervise fetched content. 3) Review scripts/export-calendar.sh — it contains a workspace-detection bug that will cause it to fail; fix or test the script before relying on exports. 4) SETUP-PROMPT runs a find over $HOME to locate the skill package — verify the discovered SKILL_DIR before copying to avoid accidental file operations. 5) If you later deploy the dashboard or a hosted DB, treat that as a separate integration that will require credentials and network access; review the dashboard code and hosting choices carefully. Overall, there are no red flags of credential exfiltration or hidden network calls in the packaged files — the issues found are implementation bugs and usability items rather than malicious behavior.
!
SKILL.md:19
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk9722zwwnj34eak5v1d1m8n3es83ygmp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments