ClawHub

Blog Content Publish

v1.0.8

Publish editorial and dynamic section content with blog-publish, enforce quality gates for hot/news/ai_news, and sync repository skills to ClawHub via clawhu...

0· 1.1k·8 current·8 all-time
by郭立lee@leeguooooo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Skill name/description match the SKILL.md: it documents using the @leeguoo/blog-publish CLI to publish editorial and dynamic-section content, enforce deterministic quality gates for hot/news/ai_news, and sync content. The one minor mismatch is a brief mention of 'clawhub sync --all' without much detail, but that is plausible given the stated sync capability.
Instruction Scope
Runtime instructions focus on generating and validating markdown, running dry-runs, and using blog-publish commands (login, publish, download, upload). They do not instruct reading unrelated system files or exfiltrating data to unknown endpoints. The instructions do require performing local file operations and searches (rg) on generated markdown, which is coherent with the publishing workflow.
Install Mechanism
There is no formal install spec in the registry entry, but the SKILL.md recommends installing the CLI via pnpm (pnpm add -g @leeguoo/blog-publish). Installing a global npm package is a normal delivery mechanism for a CLI but does alter the system PATH and pulls code from the npm registry — verify the package identity and source (npm/GitHub) before installing globally.
Credentials
The registry metadata declares no required env vars. The SKILL.md uses an interactive SSO login flow and API base parameters (blog.misonote.com) rather than requiring static credentials in env vars, which is proportionate. Note: publishing requires authenticated access and the CLI will likely persist tokens or local session state on disk; review where the CLI stores credentials before use.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It is instruction-only and does not attempt to modify other skills or system-wide agent settings.
Assessment
This skill appears coherent and low-risk as an instruction-only guide for a blog-publish CLI, but take these precautions before installing or running it: (1) Inspect the @leeguoo/blog-publish package on npm/GitHub to confirm the publisher and review code or releases before running pnpm add -g. (2) Prefer installing the CLI in a contained environment (container or VM) or use a non-global install if you don't want system-wide changes. (3) Confirm where the CLI stores auth tokens/session files and ensure you are comfortable granting the blog server account publish rights. (4) Review the full (untruncated) SKILL.md to ensure there are no additional commands or endpoints (the provided content was truncated). (5) When running automated publishes, always run the recommended dry-run checks first and validate that no internal 'producer' metadata will be exposed on public pages.

Like a lobster shell, security has layers — review code before you run it.

latestvk9719herevdp688evwad22x9rs82cc25

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments