ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hot Content Writer

v1.2.0

✍️ 热点文案一键生成!输入热点话题,AI自动生成小红书/抖音/公众号/微博多平台文案。支持DeepSeek API,成本极低!自媒体运营必备!免费使用,定制开发请联系作者。

0· 63·0 current·0 all-time
by蓝天@qq853632587
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: generate.py and daily_content.py implement multi‑platform content generation and optional DeepSeek API usage. The 'hot‑list linkage' feature is implemented by executing other local 'hot' scripts in the workspace (bilibili/weibo fetchers), which is coherent with the advertised '联动热榜' feature but implies cross‑skill/script execution that a user might not expect.
!
Instruction Scope
SKILL.md and the code instruct running local Python scripts and invoking sibling 'hot' skill scripts (subprocess.run). daily_content.py writes/reads files using a hardcoded Windows path (C:\tmp\hot_*.json) and calls other scripts in the workspace; generate.py will call external APIs. The SKILL.md does not clearly warn that it will execute arbitrary scripts found in neighboring directories or that it will read environment variables beyond the listed DEEPSEEK_API_KEY fallback. A prompt‑injection detector flagged unicode control characters in SKILL.md, which could attempt to manipulate LLM prompts or the evaluation flow.
Install Mechanism
No external download/install spec is present (instruction + bundled Python files). That is lower install risk than pulling binaries from arbitrary URLs. The package.json entries are harmless/typical; there is no installer that fetches remote code at install time.
!
Credentials
The skill does not declare required env vars, but the code reads DEEPSEEK_API_KEY, OPENAI_API_KEY, OPENAI_API_BASE, and CONTENT_MODEL (and falls back to config.json). Requesting API keys for the AI provider is expected, but undeclared or undocumented fallbacks (e.g., reading the user’s OPENAI_API_KEY) reduce transparency. Users may inadvertently expose an unrelated API key. The number of credential/environment entries accessed is modest, but they should have been declared in metadata.
!
Persistence & Privilege
The skill does not request 'always: true' (good). However it executes other local scripts in the same workspace (subprocess.run on sibling paths) which permits lateral action: if arbitrary scripts exist in the workspace they will be run. That gives the skill the ability to execute code beyond its own files at runtime, which increases the blast radius if installed in a workspace containing other skills or scripts.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters flagged by the pre-scan. This is not required for a content‑generation skill and may indicate an attempt to influence/or hide content in prompts or files; review SKILL.md and the files for hidden characters before trusting prompts or automated invocations.
What to consider before installing
What to consider before installing: - Inspect the bundled Python files (generate.py, daily_content.py) yourself. They are included and executable; the behavior described below is visible in the code. - API keys: the skill will accept a DeepSeek key (recommended) but also reads OPENAI_API_KEY and other environment fallbacks. Only provide a dedicated, limited‑scope API key. Do not reuse high‑privilege keys. - Cross‑skill execution: daily_content.py will try to run sibling 'hot' scripts (e.g., bilibili-hot-daily/fetch_hot.py, weibo-hot-daily/fetch_hot.py) from the workspace using subprocess.run. If you install this into a workspace containing other scripts, those scripts could be executed. Run this in an isolated workspace or verify/clean the workspace first. - File paths: the daily script writes to a hardcoded Windows path (C:\tmp\hot_*.json). On non‑Windows systems behavior may be unexpected; check and, if needed, modify paths to a safe location. - Network calls: the generator will send prompts to an external API (api.deepseek.com or whatever api_base you configure). Expect data (topics/prompts) to be transmitted to that provider; if prompts contain sensitive information do not send them. - Prompt‑injection indicator: the SKILL.md had unicode control characters flagged — this could be a benign formatting artifact but could also indicate attempts to manipulate LLM prompts. Review SKILL.md and prompt construction in generate.py (build_prompt) and sanitize any inputs that will be forwarded to the API. Recommended actions: - Use a sandbox or isolated environment to run the skill first. - Provide a purpose‑limited API key and monitor usage/billing from the provider dashboard. - Audit or remove any unexpected sibling scripts in the workspace before using the '--from-hot' or daily automation features. - If you need the skill to run automatically, consider implementing stricter path handling and limits, and avoid placing it in a workspace with untrusted scripts. If you want, I can point out the exact lines that read environment variables, call subprocesses, or write to C:\tmp so you can review/patch them before running.

Like a lobster shell, security has layers — review code before you run it.

latestvk979hr6hhn8t3nj6prhk76rwy183t35x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

✍️ Clawdis
Binspython3

Comments