ClawHub

Newsletter Creation & Curation

v1.0.0

Industry-specific newsletter creation with cadence recommendations and automation workflows

2· 2.8k·4 current·4 all-time
byShashwat Ghosh@shashwatgtm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description match what the skill provides: prose guidance and templates for newsletter creation. It requires no binaries, no credentials, and the README explicitly states it does not connect to ESPs or perform automated aggregation, which is consistent with an instruction-only guidance skill.
Instruction Scope
SKILL.md is a long, prescriptive guide for planning, structuring, and distributing newsletters. It suggests manual publishing options (Substack, LinkedIn) but does not instruct the agent to read local files, access environment variables, call external APIs, or exfiltrate data. The instructions stay within the newsletter-authoring domain.
Install Mechanism
No install spec and no code files; it's instruction-only. This is the lowest-risk install pattern because nothing is written or executed on disk by an installer.
Credentials
The skill declares no environment variables, credentials, or config paths. That is proportionate for a guidance-only newsletter skill.
!
Persistence & Privilege
The skill is published with always: true (also present in SKILL.md metadata). That forces inclusion in every agent session and bypasses normal eligibility gates without an obvious justification for a purely advisory skill. Always-present skills increase attack surface and blast radius if a later update adds network or credential access.
What to consider before installing
This skill appears to be legitimate newsletter guidance and doesn't request secrets or install code — low functional risk — but it is flagged as 'always: true', meaning the platform will include it in every agent run. That setting is unnecessary for an instruction-only newsletter guide and raises privacy/supply-chain risk. Before installing or enabling it globally: 1) Ask the publisher why always:true is needed and request removal unless they can justify it. 2) Prefer installing it with 'always' disabled so it runs only when invoked. 3) Confirm the publisher identity (the README links a GitHub profile) and review that repository directly. 4) Ensure your agent platform prevents skills from making outbound network calls or accessing secrets unless explicitly authorized. If the publisher cannot justify always:true, treat the skill as potentially risky and do not enable it globally.

Like a lobster shell, security has layers — review code before you run it.

b2bvk977m4kbwnetnyatsew4mn8qsn7zywpycontent-curationvk977m4kbwnetnyatsew4mn8qsn7zywpyemail-marketingvk977m4kbwnetnyatsew4mn8qsn7zywpygtmvk977m4kbwnetnyatsew4mn8qsn7zywpylatestvk977m4kbwnetnyatsew4mn8qsn7zywpynewslettervk977m4kbwnetnyatsew4mn8qsn7zywpysaasvk977m4kbwnetnyatsew4mn8qsn7zywpy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis

Comments