Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Content Publisher
v1.0.0
Publish content to Medium, Dev.to, and Hashnode from markdown files. Handles formatting, SEO optimization, scheduling, and cross-posting with canonical URLs....
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The description says 'publish from markdown files' to Medium/Dev.to/Hashnode, which matches the declared platforms. However the skill metadata declares no required environment variables or credentials, while the SKILL.md explicitly expects DEVTO_API_KEY, HASHNODE_TOKEN, and a Google login for Medium browser automation. Also the SKILL.md does not explain how the agent should read local markdown files (no file paths, no input variable), so the requested capabilities don't align with the declared requirements.
Instruction Scope
Instructions reference running curl with $DEVTO_API_KEY and $HASHNODE_TOKEN and using browser automation + Google login for Medium. They instruct manual UI actions (navigate, paste, click) but do not specify how the agent obtains article content (file reads, path, or provided payload), nor how to perform or authenticate browser automation safely. The instructions thus ask the agent to use credentials and perform interactive automation without describing auth flows or limits.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is written to disk during install. This reduces install-time risk.
Credentials
Although the registry lists no required env vars, the SKILL.md requires at least DEVTO_API_KEY and HASHNODE_TOKEN and implies Google account access for Medium. Those credentials are proportionate to the claimed platforms, but it is inconsistent and risky that they are not declared in the metadata. The skill gives no guidance on scope, storage, or least-privilege usage for these secrets.
Persistence & Privilege
always is false (normal) and autonomous invocation is allowed (default). Autonomous invocation combined with the skill's need for undeclared credentials and browser automation raises risk if the agent acts without clear user confirmation, but persistence/privilege flags themselves are not elevated.
What to consider before installing
Before installing, ask the publisher to: (1) declare the exact environment variables the skill needs (DEVTO_API_KEY, HASHNODE_TOKEN, and any Google/OAuth tokens) in the registry metadata; (2) explain how markdown files are provided (file paths, upload, or direct content) and whether the agent will read local files; (3) avoid asking you to share Google credentials — prefer OAuth flows or personal account manual login; (4) document where publication IDs and publication-specific settings come from; (5) clarify whether the agent will act autonomously or require explicit user confirmation for each publish action. If you plan to use this, do not store long-lived tokens in plaintext, limit token scopes, and consider running publishing actions manually (or after an explicit confirmation) until the authentication and file-access behaviors are fully specified.
Like a lobster shell, security has layers — review code before you run it.
latest vk97aapddvm4cyz23qvxa3d4dt9835x1w
