Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Brand Marketing Workflow

v3.0.1

Structural documentation for the brand-marketing-workflow skill. Use when the user wants to understand, audit, or review the workflow design without exposing...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for halfmoon82/brand-marketing-workflow.

Install the skill "Brand Marketing Workflow" (halfmoon82/brand-marketing-workflow) from ClawHub.
Skill page: https://clawhub.ai/halfmoon82/brand-marketing-workflow
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install brand-marketing-workflow

ClawHub CLI

npx clawhub@latest install brand-marketing-workflow

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The SKILL.md and clawhub metadata repeatedly describe this as a documentation-only replacement artifact with no executable implementation, yet the bundle contains an install.sh, run.py, and ~17+ scripts that appear runnable and implement fetching, analysis, and LLM client logic. That discrepancy (claiming no executable code while shipping runnable code) is disproportionate and unexplained.
[!] Instruction Scope
SKILL.md gives runtime instructions (install.sh delegates to python3 scripts/run.py and describes oc_execute_skill usage) while the top-level description says 'contains no executable code'. The described workflow otherwise stays within marketing/scoped actions (public signal fetching, human authorization), but the presence of real scripts means those instructions will execute network requests and LLM calls that are not reflected in the declared 'documentation-only' intent.
Install Mechanism
Registry lists 'no install spec' (instruction-only), but the repository includes an install.sh that executes Python code. There are no external download URLs or third-party installers — all code is packaged — which lowers supply-chain download risk, but the mismatch between claimed non-runnable artifact and actual executable files is concerning because users/integrations may accidentally run code they were told doesn't exist.
[!] Credentials
Declared requirements list no env vars or credentials, but code includes oc_llm_client.py and gateway_client.py and evidence of web fetching. Those modules commonly require API keys or network access; no credentials are declared or justified in SKILL.md. The package also contains an autoresearch.config.json with an absolute workingDir path (reveals a local developer path). Missing declaration of expected secrets/credentials is a material inconsistency.
Persistence & Privilege
Flags are normal (always:false, user-invocable:true). The skill does not request 'always' or system-wide privileges. However, because executable code is present, autonomous invocation (the default) would allow the agent to run network/LLM calls if the system/platform grants that capability; weigh this together with the purpose/instruction mismatch before enabling autonomous runs.
What to consider before installing
Do not install or run this skill until the mismatch is resolved. Specific steps to take:

  1. Ask the publisher to confirm whether this release is meant to be documentation-only or an executable package.
  2. If you intend to run it, review run.py and scripts/* (especially oc_llm_client.py, gateway_client.py, competitor_fetcher.py, authorization_manager.py) for network endpoints, hardcoded secrets, or code that reads environment variables or local files.
  3. Verify which environment variables / API keys the code expects (LLM keys, gateway tokens) and ensure the registry metadata is updated to declare them.
  4. Run any code in an isolated sandbox or ephemeral VM, not on a production host.
  5. If you cannot get a clear explanation from the owner, treat the package as untrusted and avoid executing it.

The main red flag is the intentional-sounding 'documentation-only' claim while shipping runnable code and past-run artifacts.
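
A first static pass over an unpacked bundle can surface the two mismatches the scan describes (runnable files behind a documentation-only claim, and environment variables the metadata never declares) before anything is executed. This is an added example, not part of ClawHub's scanner or the skill's own code; the sample bundle contents are constructed, and EXAMPLE_LLM_KEY, EXAMPLE_GATEWAY_URL and the gateway.example.invalid URL are hypothetical placeholders.

```python
import re
import tempfile
from pathlib import Path

RUNNABLE = {".py", ".sh"}
# Matches os.environ["X"], os.environ.get("X") and os.getenv("X")
ENV_READ = re.compile(r"""os\.(?:environ(?:\.get)?\s*[\[(]|getenv\s*\()\s*["']([A-Za-z_][A-Za-z0-9_]*)["']""")
URL = re.compile(r"""https?://[^\s"'<>)]+""")

def audit_bundle(root, declared_env=(), declares_no_code=True):
    """Compare what a skill bundle declares with what it actually ships."""
    root = Path(root)
    runnable, env_vars, urls = [], set(), set()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        text = path.read_text(encoding="utf-8", errors="replace")
        # Treat known script suffixes and anything with a shebang as runnable.
        if path.suffix in RUNNABLE or text.startswith("#!"):
            runnable.append(path.relative_to(root).as_posix())
            env_vars.update(ENV_READ.findall(text))
            urls.update(URL.findall(text))
    findings = []
    if declares_no_code and runnable:
        findings.append("declared documentation-only but ships runnable files")
    undeclared = sorted(env_vars - set(declared_env))
    if undeclared:
        findings.append("undeclared environment variables: " + ", ".join(undeclared))
    return {"runnable": runnable, "undeclared_env": undeclared,
            "urls": sorted(urls), "findings": findings}

def build_sample_bundle(root):
    """Constructed stand-in bundle; file contents are invented for the demo."""
    root = Path(root)
    (root / "scripts").mkdir(parents=True)
    (root / "SKILL.md").write_text("Documentation-only. Contains no executable code.\n")
    (root / "install.sh").write_text('#!/bin/sh\nexec python3 scripts/run.py "$@"\n')
    (root / "scripts" / "run.py").write_text("print('workflow')\n")
    (root / "scripts" / "oc_llm_client.py").write_text(
        "import os\n"
        "KEY = os.environ.get('EXAMPLE_LLM_KEY')\n"
        "BASE = os.getenv(\"EXAMPLE_GATEWAY_URL\", 'https://gateway.example.invalid/v1')\n")
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_bundle(build_sample_bundle(tmp))

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The pass only reads files, so it is safe to run on the host; it narrows what to read by hand and does not replace the sandboxed run in step 4.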

Like a lobster shell, security has layers — review code before you run it.

178 downloads
1 star
7 versions
Updated 4w ago
MIT-0

Brand Marketing Workflow — Structural Reference

What This Skill Is

A documentation-only description of the brand marketing workflow. It explains the system architecture, roles, stages, boundaries, and outputs, but contains no executable code.

Purpose

  • Describe how brand inputs are turned into marketing plans
  • Clarify the handoff between strategy, production, analysis, and review
  • Define the human-approval boundaries for publishing, login, payment, or other sensitive actions
  • Serve as a safe replacement artifact when the published skill should be withdrawn from active use

Structure

1) Input Layer

  • Brand name
  • Positioning
  • Tone
  • Audience
  • Goals
  • Channels
  • Constraints
  • Competitor scope

2) Planning Layer

  • Normalize brand input
  • Build a concise brand brief
  • Define content pillars
  • Define channel mapping
  • Define KPI targets

3) Production Layer

  • Draft content variants
  • Draft campaign ideas
  • Draft platform-specific formats
  • Prepare review-ready assets

4) Analysis Layer

  • Compare public competitor signals
  • Identify messaging patterns
  • Identify content gaps
  • Score brand fit and iteration opportunities

5) Authorization Layer

  • Pause on actions that cross policy or access boundaries
  • Request explicit human confirmation
  • Resume only after approval

6) Output Layer

  • Brand brief
  • Content plan
  • Competitor summary
  • Performance review
  • Iteration notes
  • Approval requests when needed

Boundaries

Allowed

  • Public information review
  • Structural planning
  • Draft generation
  • High-level workflow explanation

Not Allowed

  • Hidden scraping
  • Bypassing login or platform controls
  • Automatic publishing
  • Payment or recharge without approval
  • Any misleading claim that implementation code still ships inside this replacement artifact

Implementation Details

Entry Point

install.sh bootstraps the skill and delegates to the Python runtime:

exec python3 scripts/run.py "$@"

Usage via OpenClaw:

oc_execute_skill brand-marketing-workflow --brand "品牌名"
oc_execute_skill brand-marketing-workflow --brand "BrandName" --channels "instagram,wechat"

Scripts

| Script | Role |
|---|---|
| scripts/workflow_orchestrator.py | Main entry point — orchestrates all stages in sequence |
| scripts/competitor_fetcher.py | Fetches public competitor signals (no auth required) |
| scripts/competitor_ai_analyzer.py | Analyzes competitor content patterns with LLM |
| scripts/competitor_cluster.py | Clusters competitors by positioning and messaging |
| scripts/authorization_manager.py | Gate for any action requiring human approval |
| scripts/normalize_brand_input.py | Normalizes and validates brand input parameters |
| scripts/content_producer.py | Drafts content variants per channel |
| scripts/score_content_effect.py | Scores content variants for brand fit |

Output Templates

All outputs are written to templates/:

| File | Contents |
|---|---|
| brand_brief.md | Brand positioning, tone, audience, pillars |
| content_plan.md | Channel-specific content calendar and format map |
| competitor_report.md | Competitor analysis with messaging gap matrix |
| performance_report.md | KPI targets and scoring baseline |
| iteration_plan.md | Next-cycle improvement suggestions |

Authorization Gate

Any action that touches publishing, payment, platform login, or personal data pauses and calls authorization_manager.py, which:

  1. Emits a clear approval request to the user
  2. Blocks all downstream scripts until confirmation is received
  3. Logs the approval decision with timestamp

No sensitive actions are taken automatically.
