ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Content Research

v1.1.0

Research trending topics and generate platform-specific content. Triggers on "research [topic]", "what's new in [topic]", "content for [platform]", "create p...

1· 1.5k·20 current·22 all-time
byHazy@hazy2go
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (research trending topics, generate platform-specific content) matches the SKILL.md and README instructions. The skill is instruction-only and does not declare unrelated binaries, config paths, or credentials. The README's note about an optional Brave Search API key is consistent with an optional enhancement and is not required.
Instruction Scope
Runtime instructions are limited to web_search and web_fetch calls, filtering, summarization, and content formatting per platform — all within the stated purpose. Caution: web_fetch/web_search will retrieve arbitrary web content based on queries (including URLs the user supplies), and the examples/brand-config mention items like 'Karma accounts' which implies guidance about account usage that could encourage gaming/platform policy violations. The skill does not instruct reading unrelated local files or environment variables, but users should avoid putting secrets into brand-config.md or prompts.
Install Mechanism
No install spec and no code files — instruction-only skill. This is low-risk from an install/execution standpoint because nothing is written to disk or downloaded by the skill itself.
Credentials
No required environment variables or credentials are declared. The README's optional Brave Search API key is plausible for search integration; it is optional and not requested by the skill at install time. Users should not paste unrelated secrets into example config files.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not request permanent presence or attempt to modify other skills or agent-wide settings.
Assessment
This skill appears to do exactly what it says: search the web for recent items and generate platform-formatted posts. Before installing or using it, consider: (1) the agent will fetch arbitrary URLs — make sure your environment's web_fetch is appropriately network-restricted (to avoid internal/SSRF exposure); (2) do not paste API keys, passwords, or other secrets into brand-config.md or prompts; (3) review generated content for accuracy and platform policy compliance (the README/example mention 'Karma accounts' which could imply tactics that violate site rules); (4) if you choose to supply a Brave Search API key, only provide a minimal-scope key and treat it as optional. If you want deeper assurance, provide the platform's web_fetch/web_search implementation details or confirm how network access is sandboxed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97615bcg8e508ygv3gv051rch8199yr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments