ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

资源交付分发

v1.0.0

资源交付分发技能 - 处理素材导出、格式转换和多平台分发

0· 191·0 current·0 all-time
by@jeyeshield

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jeyeshield/ad-production-delivery-distribution.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "资源交付分发" (jeyeshield/ad-production-delivery-distribution) from ClawHub.
Skill page: https://clawhub.ai/jeyeshield/ad-production-delivery-distribution
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ad-production-delivery-distribution

ClawHub CLI

Package manager switcher

npx clawhub@latest install ad-production-delivery-distribution
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (media export, conversion, distribution) align with the included TypeScript implementation: package creation, validation, packaging, and simulated uploads. No unrelated environment variables, binaries, or credentials are requested. Minor mismatch: SKILL.md uses api.executeAction names like 'delivery-distribution.export' while the code registers a 'delivery' command API, which is an inconsistency between documentation and implementation.
Instruction Scope
SKILL.md instructions stay within the stated domain and show API calls for export/distribute/package. The implementation logs, manages in-memory packages, and returns mock file paths (/tmp/...). It does not read arbitrary system files or environment variables in the visible portion. However, the SKILL.md's action names don't match the registerCommand names in the code, and the source file provided in the listing is truncated — the remaining code (not shown) could contain additional instructions (network calls, credential access, or external endpoints).
Install Mechanism
No install spec is present. The package is TypeScript source with no runtime dependencies in package.json; build requires tsc (devDependency). This is low-risk from install perspective. Note: SKILL.md mentions TypeScript compilation but no automated install/build is provided — ensure the runtime environment can compile/run the code.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The visible code does not attempt to access environment variables or secrets. This is proportionate to its stated purpose as a local packaging/distribution helper.
Persistence & Privilege
always is false and the skill is user-invocable. It registers commands via the skill API (normal). The visible code does not modify other skills or system-wide settings. No elevated privileges are requested in the visible code.
What to consider before installing
Things to consider before installing: - The visible code appears coherent and does not request credentials or perform network calls, but the index.ts listing was truncated in your package dump. Obtain and review the complete index.ts to ensure there are no hidden network uploads, credential reads, or external endpoints. - SKILL.md references api.executeAction names that don't match the registerCommand names in the code; confirm the intended integration surface so the agent will call the real entry points. - The implementation mostly returns mock /tmp paths and simulates uploads — it does not actually integrate with platform APIs in the visible code. If you need real uploads, expect to add platform-specific authentication and API integration; verify where credentials would be stored and that they're limited in scope. - Ensure the runtime environment can safely compile/run TypeScript (tsc) and that writing temporary files under /tmp is acceptable and cleaned up — watch for sensitive data being written to world-readable temp locations. - If you cannot review the remaining source, run the skill in a sandboxed environment and monitor outbound network traffic and file system activity before granting it access to production data or credentials.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🚚 Clawdis
latestvk97fcvg88e8qt6pzdgvfk8w5ds836mp1
191downloads
0stars
1versions
Updated 8h ago
v1.0.0
MIT-0
@jeyeshield
latest
Download

Delivery Distribution - 资源交付分发

负责素材的导出、格式转换和多平台分发。

Setup

无需额外依赖,TypeScript编译后使用。

When to Use

需要交付广告素材时使用:

  • 导出生成完成的素材
  • 格式转换(PNG/JPEG/MP4等)
  • 多平台分发(社交媒体、广告平台等)
  • 素材打包下载

Architecture

delivery-distribution/
├── index.ts          # 主入口,处理交付分发
├── package.json      # 依赖配置
└── README.md         # 详细文档

Core Commands

导出素材

await api.executeAction('delivery-distribution.export', {
  materialId: string,   // 素材ID
  format: string,      // 目标格式
  quality?: string     // 质量设置
});

分发到平台

await api.executeAction('delivery-distribution.distribute', {
  materialIds: string[], // 素材ID列表
  platform: string,     // 目标平台
  config?: Record<string, any> // 平台配置
});

打包下载

await api.executeAction('delivery-distribution.package', {
  materialIds: string[], // 素材ID列表
  format: string        // 打包格式(zip/rar)
});

响应事件

  • delivery-distribution.export-complete - 导出完成
  • delivery-distribution.distributed - 分发完成
  • delivery-distribution.package-ready - 打包完成

Comments

Loading comments...