blog-push
v1.0.1Hugo 博客文章发布工具。支持三种内容类型:posts(博客文章)、daily(日报)、weekly(周报)。使用场景:(1) 用户需要发布博客文章到 Hugo,(2) "发布文章"、"publish blog"、"创建博客"、"发布日报"、"发布周报",(3) 将完成的 Markdown 文档移动到对应目录。...
⭐ 0· 104·0 current·0 all-time
byAlex Redisread@redisread
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Hugo blog publisher) matches the included Python script and SKILL.md: both implement copying/templating of Markdown and cover images into Hugo content directories and offer classification/tag suggestions. One minor mismatch: the registry declares no required environment variables, but the SKILL.md and script rely on several optional env vars (HUGO_BLOG_DIR, HUGO_POSTS_DIR, HUGO_TEMPLATE_PATH, etc.). These are optional defaults and do not appear to be secrets.
Instruction Scope
SKILL.md instructs the agent/user to run the included Python script and to set environment variables or command-line arguments. The runtime instructions and script operations stay within the stated purpose (reading templates, analyzing Markdown, copying files into the blog tree, updating front matter). There are no instructions to read unrelated system files or to send data externally.
Install Mechanism
No install spec or remote downloads are present; this is an instruction-only skill that ships a local Python script and an example config. That is low risk — nothing is fetched from external URLs and no archives are extracted.
Credentials
The skill does not request credentials or secret environment variables. It uses only file-path environment variables (HUGO_BLOG_DIR and related) which are appropriate for a tool that writes into a local Hugo project. The number of env vars is reasonable for configurability.
Persistence & Privilege
always:false and default model-invocation settings are used. The skill does not request permanent system-wide changes, nor does it attempt to modify other skills or system configurations beyond writing files into the user-specified blog directory.
Assessment
This skill appears to do what it says: operate on local Hugo project files. Before running: 1) Inspect the paths you pass or set in HUGO_BLOG_DIR to ensure you don't accidentally point it to a sensitive or system directory; 2) Run python3 scripts/publish_blog.py --check-config to validate the blog directory and templates first; 3) Back up or use git in your blog repo so you can revert unintended file changes; 4) If you are risk-averse, open scripts/publish_blog.py and review it locally (it appears to only use local filesystem operations and content analysis, with no network calls). If you plan to run this inside an automated agent, ensure the agent's working directory and environment variables are set correctly and not exposing other data.Like a lobster shell, security has layers — review code before you run it.
latestvk97eg6np7jsnwfapwe2cax8gv184b7h6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.