Content Writing & Thought Leadership
v1.0.0B2B content writing with daily workflows and batching systems across Sales/HR/Fintech/Ops Tech
⭐ 9· 3.4k·11 current·11 all-time
byShashwat Ghosh@shashwatgtm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the provided SKILL.md and README: it's a content-writing / thought-leadership playbook. There are no unexpected required binaries, env vars, config paths, or install steps that would contradict the claimed purpose.
Instruction Scope
The runtime instructions are long-form editorial workflows and templates intended for human-guided content creation and remain within the stated domain (strategy, templates, workflows). They do not contain calls to external endpoints, credentials, filesystem reads, or commands that would exfiltrate data — however, the SKILL.md contains unicode control characters flagged by the scanner (possible prompt-injection attempt to alter downstream processing).
Install Mechanism
Instruction-only skill with no install spec or code files. This is low-risk from an install-code perspective because nothing is downloaded or written by an installer.
Credentials
No required environment variables, credentials, or config paths are declared — proportionate to a documentation/workflow skill. The README explicitly states it cannot publish or integrate with external systems, matching the lack of credentials.
Persistence & Privilege
The skill sets always:true in its registry metadata, which forces the skill to be included in every agent run. That elevates the blast radius if the skill contains hidden/injected content. Always:true is unnecessary for most content-writing skills and combined with the prompt-injection signal increases risk.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contains unicode control characters. These characters are not necessary for a content-writing playbook and are commonly used in prompt-injection attempts to manipulate parsers or hide instructions. Because this skill is instruction-only, hidden characters could change how the agent or evaluators interpret or execute the instructions.
What to consider before installing
What to consider before installing:
- Ask the publisher why always:true is set. Most skills do not need forced inclusion; request they remove it unless there's a clear, documented reason.
- Verify provenance. The README lists an author and GitHub/LinkedIn links — manually confirm the repository/account and that this exact SKILL.md comes from that source.
- Inspect the raw SKILL.md for hidden unicode/control characters. If present, request a cleaned copy or sanitize it yourself before installing. Hidden characters can be used to alter prompts or inject instructions.
- Because the skill is instruction-only and requests no credentials, it cannot by itself access your systems — but always:true makes it run in all agent contexts. If your agent has connectors or credentials (e.g., publishing, cloud, or messaging integrations), avoid installing this skill globally until the above concerns are addressed.
- If you want to try it, run it in an isolated/test agent with no sensitive connectors or credentials exposed, and monitor agent outputs closely.
If the author removes always:true and provides a clean SKILL.md (no control characters) or explains why the control chars are safe, this assessment would likely move to benign/high confidence.Like a lobster shell, security has layers — review code before you run it.
b2bvk974p4nccg89sefvmj3gaxmcn17zzqdzcontent-writingvk974p4nccg89sefvmj3gaxmcn17zzqdzgtmvk974p4nccg89sefvmj3gaxmcn17zzqdzlatestvk974p4nccg89sefvmj3gaxmcn17zzqdzlinkedinvk974p4nccg89sefvmj3gaxmcn17zzqdzsaasvk974p4nccg89sefvmj3gaxmcn17zzqdzthought-leadershipvk974p4nccg89sefvmj3gaxmcn17zzqdz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
✍️ Clawdis