ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GEO Content Writer

v0.7.3

Use when the user wants to turn [Dageno](https://dageno.ai/?utm_source=github&utm_medium=social&utm_campaign=official) GEO opportunities into a real-fanout b...

0· 104·0 current·0 all-time
byTim@geo-seo

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for geo-seo/geo-content-writer.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GEO Content Writer" (geo-seo/geo-content-writer) from ClawHub.
Skill page: https://clawhub.ai/geo-seo/geo-content-writer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: DAGENO_API_KEY
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install geo-content-writer

ClawHub CLI

Package manager switcher

npx clawhub@latest install geo-content-writer
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (Dageno -> fanout backlog -> article -> optional WordPress publish) align with the files present (client, citation crawling, wordpress integration, CLI, workflows). Requiring python3 is expected. However, the registry-level 'Requirements' block only lists DAGENO_API_KEY while SKILL.md's internal metadata and many code files indicate additional optional integrations (FIRECRAWL_API_KEY, WORDPRESS_SITE_URL, WORDPRESS_USERNAME, WORDPRESS_APP_PASSWORD). That mismatch is an inconsistency to verify.
Instruction Scope
SKILL.md instructs the agent to call the geo_content_writer CLI (PYTHONPATH=src python -m geo_content_writer.cli ...) to build fanout, crawl citation pages, analyze patterns, generate briefs, and optionally publish to WordPress. Crawling top citation pages and 'optional web research' implies outbound HTTP/HTTPS calls to arbitrary sites (expected for citation analysis) — this is coherent with the skill's purpose but expands the runtime network footprint and can touch many external sites and HTML content.
Install Mechanism
There is no install spec; the package is instruction/code-only and expects python3 and a PYTHONPATH run. This is low-risk compared with remote binary downloads. The presence of many source files means the code will run locally, but nothing in the manifest indicates an automated installer or remote executable fetch.
!
Credentials
The top-level registry metadata (Requirements) only lists DAGENO_API_KEY as required, but SKILL.md's embedded metadata and code indicate additional sensitive environment variables (FIRECRAWL_API_KEY and full WordPress credentials). WordPress app passwords and web-crawl API keys are sensitive and should only be provided if you intend to use those features. The skill's declared primaryEnv is DAGENO_API_KEY, which is appropriate, but the discrepancy between the registry summary and SKILL.md is a red flag: you should confirm exactly which credentials the code will attempt to read and transmit.
Persistence & Privilege
The skill is not marked 'always: true' and uses the default model-invocation behavior. It does not request system-wide persistence in the metadata (no config paths beyond project-local knowledge/backlog files). This privilege surface is typical for a CLI-style skill and is not unusually broad.
What to consider before installing
Before installing or providing credentials: 1) Confirm which environment variables you actually need (the registry summary lists only DAGENO_API_KEY, but SKILL.md mentions FIRECRAWL_API_KEY and WORDPRESS_* vars). 2) If you won't publish to WordPress or run citation crawling, avoid supplying WORDPRESS_APP_PASSWORD and FIRECRAWL_API_KEY. 3) Inspect the included src files (client.py, wordpress.py, citation_crawl.py, workflows.py) for where keys are sent and what external endpoints are contacted. 4) Run the tool in an isolated environment (dedicated VM or container) and with least-privilege API keys (scoped tokens) to limit blast radius. 5) If you plan to use WordPress publishing, consider creating a WordPress account/app password scoped to a test site or limited user. 6) If you need help verifying which env vars are actually referenced at runtime, share the specific client.py / wordpress.py call sites and I can inspect them and explain the outbound requests in detail.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspython3
EnvDAGENO_API_KEY
Primary envDAGENO_API_KEY
latestvk978chtnd7nrqrb5jvchfasxj584hhq9
104downloads
0stars
2versions
Updated 2w ago
v0.7.3
MIT-0
Tim@geo-seo
latest
Download

Content Writer

Use this skill to turn Dageno prompt opportunities into a real-fanout backlog and then produce one backlog-row-first editorial package for one selected fanout item.

Fixed Workflow

A. Opportunity Layer

  1. discover high-value prompts
  2. extract real fanout for each prompt
  3. store all fanout in one backlog

B. Backlog Layer

  1. mark overlap / merge / duplicate items
  2. keep one prioritized backlog with statuses
  3. choose which fanout item to write next

C. Writing Layer

  1. crawl top citation pages for the selected fanout
  2. analyze citation patterns
  3. build one editorial brief from one selected backlog row
  4. generate section drafting instructions
  5. generate section review instructions
  6. assemble one publish-ready article

D. Distribution Layer

  1. publish to WordPress draft or publish status

Input -> Output Contract

Inputs

  • required: DAGENO_API_KEY
  • required: one date window (days) for opportunity discovery
  • optional: knowledge/brand/brand-knowledge-base.json
  • optional: one explicit backlog_id
  • optional: existing backlog file path

Outputs

  • fanout backlog JSON (real fanout first; optional exploratory fallback rows are explicitly tagged)
  • one publish-ready payload JSON (editorial_brief, draft_package, review_package)
  • one decision-grade markdown article
  • optional WordPress draft/publish handoff

Non-Negotiable Rules

  • only use real Dageno fanout
  • do not generate guessed fanout as publish-ready seed
  • exploratory fallback is allowed only when write_now inventory is low, and must stay status=exploratory until validated against fresh GEO data
  • do not write directly from Dageno topic
  • one selected fanout should map to one article
  • one backlog row should map to one editorial brief
  • use the section drafting and review contracts when integrating with external agents
  • if local brand knowledge base and Dageno brand snapshot do not match, block publish-ready output
    • you can override with --allow-brand-mismatch, but it will carry a warning; avoid unless you intentionally accept risk

Output Quality Contract (Required)

  • include explicit exclusion boundaries (not ideal when ...) for major options
  • include a default recommendation hierarchy (forced ranking fallback)
  • include at least one head-to-head comparison block between major options
  • include an If X -> Choose Y decision engine section
  • include a single-sentence convergence block (If You Only Remember One Thing)
  • include at least 5 references with a mix of editorial and official support/policy pages

Quality gate command:

PYTHONPATH=src python -m geo_content_writer.cli check-article-quality <article.md> --min-words 1200

Required Local Files

  • knowledge/brand/brand-knowledge-base.json
  • knowledge/backlog/fanout-backlog.json

Reference

See references/pipeline-spec.md.

Comments

Loading comments...