Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Content Ops
v0.1.1Social media content operations automation system with SQLite database. Manage content crawling, curation, publishing, and analytics across platforms (Xiaoho...
⭐ 0· 439·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The repository contents (crawl/publish scripts, DB schema, image-generation docs) are consistent with a 'content ops' system. However the registry metadata claims no required env vars or install steps while the documentation and code clearly require credentials and external services (OpenAI API key, Xiaohongshu cookies, Reddit API creds, MCP binaries). That mismatch between declared requirements and actual needs is unexpected and reduces trust.
Instruction Scope
SKILL.md and other docs instruct the operator/agent to: download and run a third‑party MCP binary, store and read cookies/secret files, write secrets.json, run database migrations, run background services (screen), create cron jobs, and perform browser automation / scraping that uses reverse-engineering code. The instructions reference and read/write many local paths and secrets that are outside a minimal 'skill' surface — this is broader than the metadata suggests and gives the skill access to credentials and persistent system state.
Install Mechanism
There is no formal install spec in registry metadata despite 72+ code files and explicit install steps in the docs. The docs instruct downloading a GitHub release tarball and extracting it into ~/.openclaw/workspace/bin and starting it in screen. The download host is GitHub releases (reasonable), but the absence of a declared install step + many dependencies (playwright, native binaries) makes the install footprint non-trivial and under-documented. The package.json lists extra MCP packages and playwright which may pull heavy native components.
Credentials
Registry metadata declares no required env vars or primary credential, but the docs and code reference several sensitive credentials: OPENAI_API_KEY (image generation), XIAOHONGSHU_COOKIE (scraping), REDDIT_CLIENT_ID/REDDIT_CLIENT_SECRET (API publishing), Discord webhook URLs, and writing secrets.json. Requiring and storing these secrets is reasonable for the feature set, but the omission from the declared requirements is an incoherence and a red flag for accidental credential exposure or misconfiguration.
Persistence & Privilege
The documentation instructs starting persistent background services (xiaohongshu-mcp in screen), saving cookie/session files and adding system cron jobs to run periodic tasks. While persistence can be legitimate for automation tools, this skill explicitly tells operators to create persistent system components and store credentials on disk — increasing blast radius if the code is malicious or buggy. The skill does not set always:true, but it does ask users to grant long-term system presence manually.
Scan Findings in Context
[base64-block] unexpected: Pre-scan found a 'base64-block' pattern in SKILL.md content. The provided SKILL.md excerpt does not obviously show a base64 blob, so this could indicate hidden/obfuscated data or an attempt to inject payloads. Base64 blocks are not expected for a content-ops user guide and should be reviewed manually.
What to consider before installing
This repo looks like a working content-ops system, but several red flags mean you should not install it blindly. Before use: 1) Review all code (especially scripts that run shell commands, download binaries, perform encryption/decryption or write secrets) and search for any hidden/encoded payloads (base64, eval, exec). 2) Don’t reuse high‑privilege credentials — create dedicated, limited test accounts for Reddit/Xiaohongshu and a separate OpenAI key with tight usage limits. 3) If you must run it, do so in an isolated environment (container or VM) and avoid putting API keys into world-readable files; prefer ephemeral env vars. 4) Verify the GitHub release binary integrity (check the release author and checksums) before running it. 5) Audit any code that claims to 'reverse' platform crypto or bypass anti-bot protections — using such code may violate platform terms and increase risk. 6) If you’re uncomfortable auditing, don’t provide cookies/API keys and consider not installing; ask the author for a minimal, declarative install manifest and a list of exact env vars the skill will use.Like a lobster shell, security has layers — review code before you run it.
latestvk97fx3ctgpawzfbd3s1nnrmdcn82286s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.