ClawHub

Agent Content Pipeline

v0.2.3

Safe content workflow (drafts/reviewed/revised/approved/posted) with human-in-the-loop approval, plus CLI to list/move/review and post to LinkedIn/X. Use when setting up a content pipeline, drafting content, managing review threads, or posting approved content.

5· 3.2k·10 current·10 all-time
by@larsderidder
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (content drafting → review → approve → post) align with the included CLI workflow and commands. However the registry metadata shown to you said 'no install spec' and 'no required binaries', while the included skill.json declares an npm install that provides 'content'/'content-pipeline' CLI binaries — an internal inconsistency. Installing a global npm package to provide the CLI is reasonable for this purpose, but the skill bundle does not provide the package source for local review (the SKILL.md instructs 'npm install -g agent-content-pipeline').
!
Instruction Scope
The runtime instructions mostly confine the agent to drafting, revising, and moving files and explicitly say the agent 'cannot approve' or 'cannot post'. But the SKILL.md also documents the 'content post' command and gives manual steps for extracting cookies (auth_token and ct0) from Firefox DevTools and pasting them — instructions that involve sensitive credentials/cookies. That instruction expands the scope of what a human might be asked to supply and could enable posting or token misuse if combined with unattended CLI execution. The guidance to paste browser tokens is a risky operation and is not strictly necessary for drafting/reviewing.
Install Mechanism
An npm install (-g agent-content-pipeline) is the declared install mechanism in skill.json and the SKILL.md. Installing a third-party global npm package is a typical way to get a CLI, but it has moderate risk because arbitrary code will be written to the host and run. No package tarball or local code is included in the skill bundle for review, so you cannot audit what the npm package does before installing.
!
Credentials
The skill declares no required env vars or config paths (and the top-level metadata reported 'none'), which is consistent with the idea of an offline draft/review pipeline. However the instructions for posting to X ask the user to extract and paste auth_token and ct0 cookies — sensitive tokens not declared in requires.env. This is disproportionate to the core drafting/review purpose and creates a potential vector for credential exposure or accidental agent-driven posting if the CLI or agent later uses those tokens.
Persistence & Privilege
always is false and the skill does not request persistent privileges in the manifest. The SKILL.md emphasizes that approval and posting are human actions. There is no evidence the skill attempts to modify other skills or system-wide config. However, because the skill requires installing an npm package, that package will persist on the system and could run code; this is expected but worth auditing.
What to consider before installing
This skill is plausible for managing drafts and reviews, but proceed cautiously. Key things to consider before installing or using it: - The skill asks you to globally install an npm package you cannot audit from the bundle; inspect the package source (npm page / GitHub repo) and review its code before running npm install -g. - The SKILL.md tells you to extract browser cookies (auth_token, ct0) manually — avoid copying/pasting session cookies unless you fully trust and have audited the tooling. Prefer official OAuth or API token flows when possible. - Confirm that the CLI will not post automatically or store tokens unencrypted; test with dry-run modes and minimal privileges. - Verify the package homepage/repository (skill.json references a GitHub page) matches the registry listing and that the maintainer is trusted. - If you cannot audit the npm package, consider running it in an isolated environment (VM/container) or decline installing. If you install, restrict the agent's ability to invoke the CLI autonomously (require explicit user invocation) and never provide browser session cookies to the tool.

Like a lobster shell, security has layers — review code before you run it.

approvalvk976jvc1jpwm8gt7e25z7zyxhh80e202contentvk976jvc1jpwm8gt7e25z7zyxhh80e202latestvk976jvc1jpwm8gt7e25z7zyxhh80e202linkedinvk976jvc1jpwm8gt7e25z7zyxhh80e202workflowvk976jvc1jpwm8gt7e25z7zyxhh80e202xvk976jvc1jpwm8gt7e25z7zyxhh80e202

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments