ClawHub

GitHub to Xiaohongshu

v1.1.1

Analyze a GitHub repository and generate Xiaohongshu (Little Red Book) infographic posts. Use when the user wants to create social media content about a GitH...

0· 121·1 current·1 all-time
bylaojun@laojun509
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the skill generates analysis, multiple outline strategies, prompts, and an HTML output from a GitHub repo. It does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md tells the agent to fetch README via web_fetch and then produce content; the included Python script creates directory structure and template files but contains many TODO placeholders and does not actually fetch or parse remote README/contents (so the runtime behavior described in prose is partially unimplemented). This is a functional mismatch, not a security issue.
Install Mechanism
No install spec is present (instruction-only + a helper script). Nothing is downloaded from external URLs and no archive extraction is declared.
Credentials
No environment variables or secrets are required. The script writes outputs under /root/.openclaw/workspace/xhs-images/{slug} — this is a workspace path but uses /root; users should confirm that writing there is acceptable in their environment.
Persistence & Privilege
always:false and default invocation settings; the skill only writes files into its workspace and (per SKILL.md) packages a tar.gz — it does not request permanent platform-level privileges or modify other skills.
Assessment
This skill is internally consistent and doesn't ask for credentials, but note: (1) the SKILL.md assumes the agent will fetch README content, while the included Python helper mostly generates templates and leaves TODOs — you should verify the implementation if you expect automatic README parsing. (2) The script writes files under /root/.openclaw/workspace — ensure that path is acceptable on your system. (3) Review any generated image prompts or outputs before publishing (they could include repo content you don't want publicly posted). If you plan to run the Python script, inspect it and any further code added to confirm no unexpected network calls or shell executions are introduced.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ardwhkmrvqat7v1fty0pmph84srss

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments