Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

审核质检 (Review Quality)

v1.0.0

Review Quality skill - automated quality assessment and manual review workflow

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jeyeshield/ad-production-review-quality.

Install the skill "审核质检" (jeyeshield/ad-production-review-quality) from ClawHub.
Skill page: https://clawhub.ai/jeyeshield/ad-production-review-quality
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ad-production-review-quality

ClawHub CLI

npx clawhub@latest install ad-production-review-quality

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability

The implemented index.ts provides in-memory review storage, automated checks, manual review commands, batch operations, stats, and listens for generation.completed — which aligns with an ad review/quality workflow. However, SKILL.md and comments reference different action names and event names (e.g., SKILL.md shows api.executeAction('review-quality.auto-review') and events like 'review-quality.auto-reviewed'), whereas the code registers a top-level command named 'review' with subcommands (check/submit/...) and emits 'review.completed' / 'review.rejected'. This mismatch is an incoherence between docs and implementation.

Instruction Scope

SKILL.md instructs use of executeAction('review-quality.*') and documents certain event names, but the runtime code exposes a command-based API and different event names. Aside from the naming mismatch, the instructions and code do not attempt to read files, environment variables, or contact external endpoints — no suspicious data-collection or exfiltration behavior is present.

Install Mechanism

No install spec is provided (instruction-only skill); package.json lists only devDependencies (TypeScript, @types/node). There are no downloads, external installers, or extracted archives — low install risk.

Credentials

The skill declares no required environment variables or credentials. The code briefly references api.user?.id (platform-provided user identity) but does not request or read secrets, tokens, or config paths — access appears proportionate for its function.

Persistence & Privilege

always is false and disable-model-invocation is false (normal). The skill keeps data in an in-memory Map (no persistent storage), registers its own commands/events, and listens for generation.completed. It does not modify other skills or system-wide settings.

What to consider before installing

This skill's implementation appears harmless (no network calls or secret access) but the SKILL.md documentation and the actual code disagree about action names and event names. Before installing or using it:

1) Verify which API your agent expects (executeAction('review-quality.*') vs. registerCommand('review') with subcommands) and update either the code or docs so they match.
2) Confirm the event names your system listens for — the code emits 'review.completed'/'review.rejected' while the documentation lists different event names.
3) Note that reviews are stored only in memory (Map) — they will be lost on restart; if persistent storage is needed, request that change.
4) Test the skill in a development environment and inspect emitted events to ensure they won't be accidentally handled by unrelated listeners.

These inconsistencies look like sloppy documentation or bundling rather than malicious behavior, but they can cause silent failures, so fix/verify before production use.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Clawdis
latest: vk973j5erpbj4w25btxwk6yew7s836fmq
212 downloads
0 stars
1 version
Updated 2h ago
v1.0.0
MIT-0

Review Quality - 审核质检

Handles the quality assessment and review workflow for ad creatives.

Setup

No additional dependencies required; compile the TypeScript before use.

When to Use

  • Automatically review ad creative quality
  • Manage the manual review process
  • Quality assessment and scoring
  • Compliance checks

Architecture

review-quality/
├── index.ts          # Main entry point, review and quality-check logic
├── package.json      # Dependency configuration
└── README.md         # Detailed documentation

Core Commands

Automated review

await api.executeAction('review-quality.auto-review', {
  materialId: string,    // Material ID
  criteria?: {           // Review criteria
    resolution?: { minWidth: number, minHeight: number },
    format?: string[],
    maxFileSize?: number
  }
});

Manual review

await api.executeAction('review-quality.manual-review', {
  materialId: string,    // Material ID
  reviewer: string,      // Reviewer
  decision: 'approved' | 'rejected' | 'revise',
  comments?: string
});

Quality assessment

await api.executeAction('review-quality.assess', {
  materialId: string,    // Material ID
  dimensions: string[]   // Assessment dimensions
});

Get review status

await api.executeAction('review-quality.get-status', {
  materialId: string     // Material ID
});

Response events

  • review-quality.auto-reviewed - automated review completed
  • review-quality.manual-reviewed - manual review completed
  • review-quality.assessed - quality assessment completed
