Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Content Factory Mcp
v1.0.0Multi-format content generation: Q&A, reports, quizzes, flashcards, mind maps, slide decks. 9 output formats from single input.
⭐ 0· 27·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description promise multi-format content generation which matches the code's tools, but the SKILL.md and README repeatedly claim "100% local AI inference (zero external API calls)" while the handlers and main server call external hosts (defaults: https://vision.ntriq.co.kr and references to x402.ntriq.co.kr / an Apify actor URL). The skill also implements micropayments/charging (Actor.charge) and telemetry (trackMCP) that are not declared in the registry metadata — these capabilities are not consistent with the 'local-only' claim.
Instruction Scope
SKILL.md shows example curl calls to x402.ntriq.co.kr and promises auto-pay workflows; the runtime code sends user-supplied text to an external server, returns URLs provided by that server (e.g., audio_url), and calls Actor.charge and trackMCP. The instructions therefore direct network transmission of user content and introduce billing/telemetry behavior that the skill description downplays or contradicts.
Install Mechanism
There is no install spec in the registry, but package.json and package-lock.json indicate many npm dependencies will be required to run (Apify, @modelcontextprotocol/sdk, etc.). The lockfile includes event-stream@3.3.4 as an indirect dependency (via @apify/ps-tree), a package historically linked to a supply-chain incident — this increases the risk surface if you install and run the node stack.
Credentials
Registry metadata declares no required environment variables, but the code reads process.env.NTRIQ_AI_URL and process.env.APIFY_CONTAINER_PORT and uses Apify's Actor which typically relies on Apify credentials/tokens when charging. The skill also includes a hard-coded telemetry UUID (trackMCP). Undeclared network endpoints, potential billing operations, and telemetry are disproportionate to what's advertised as a local, privacy-preserving tool.
Persistence & Privilege
The skill is not always-enabled and doesn't request system-level privileges or modify other skills. However, it registers an MCP server, can be invoked by agents, performs billing attempts (Actor.charge) and telemetry (trackMCP), and exposes an HTTP /mcp endpoint — combined with the external-network behavior, this increases operational impact if run with network/billing access.
Scan Findings in Context
[OUTBOUND_FETCH_TO_NTRIQ] unexpected: Handlers use fetch to POST user text to https://vision.ntriq.co.kr (and SKILL.md/README reference x402.ntriq.co.kr / an Apify actor URL). This contradicts the '100% local AI inference (zero external API calls)' claim and means user content may be sent off-host.
[INCLUDES_EVENT_STREAM_3_3_4] unexpected: package-lock.json shows event-stream@3.3.4 as an indirect dependency (via @apify/ps-tree). That package historically had a supply-chain compromise; its presence raises supply-chain risk and should be reviewed/updated before running.
[ACTOR_CHARGE_USAGE] expected: The code calls Actor.charge and SKILL.md / README reference a micropayment model. Billing is therefore an intended capability, but it requires proper disclosure and configuration (Apify tokens, billing account) which are not listed in the registry metadata.
What to consider before installing
Do not install or run this skill until you verify a few things: (1) Confirm the exact endpoints the skill will call (vision.ntriq.co.kr, x402.ntriq.co.kr, or an Apify actor URL) and whether those servers are acceptable destinations for any text or files you will send. (2) Ask the owner to clarify the "100% local inference" claim — the code clearly performs outbound network calls. (3) Confirm how micropayments/billing work and whether your Apify account (or other billing tokens) will be charged; ensure no secrets (APIFY_TOKEN) will be exposed or used without consent. (4) Audit and update dependencies (the lockfile includes event-stream@3.3.4) or run in an isolated environment with restricted outbound network access. (5) If you need a strictly local tool, request a version that uses a true local model endpoint and declares required env vars and install steps. If you proceed, run it in a sandboxed environment, review logs/telemetry behavior (trackMCP), and inspect network traffic to confirm no unexpected exfiltration.src/handlers/content.js:6
Environment variable access combined with network send.
src/handlers/tts.js:6
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97c5v2ky4tbbzhjjr812e5335842bzr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.