Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

gzh copywriter

v1.0.0

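An article-generation tool built for WeChat Official Account content creation. Based on more than 1,000 viral articles from across the web, it precisely summarizes the structure, style and writing approach of related popular articles, distills the core "traffic secrets" and key writing points, and efficiently produces viral articles.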

by to the moon @yuanyi-github

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yuanyi-github/gzh-copywriter.

Install the skill "gzh copywriter" (yuanyi-github/gzh-copywriter) from ClawHub.
Skill page: https://clawhub.ai/yuanyi-github/gzh-copywriter
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gzh-copywriter

ClawHub CLI

npx clawhub@latest install gzh-copywriter
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (公众号文案生成) align with the provided files and the included fetch_gzh_trends.py script that obtains '爆款' (trending) data. However, the script points to an unfamiliar third‑party endpoint (https://onetotenvip.com/skill/cozeSkill/getWxCozeSkillData) as the single authorised data source; centralising all queries to an opaque domain is not strictly required by the stated purpose and increases risk.
[!] Instruction Scope
SKILL.md and references explicitly require using scripts/fetch_gzh_trends.py and forbid other data sources; the agent will therefore send user-supplied keywords (and possibly other runtime context) to the remote API. The instructions also forbid showing the script command and raw API output, which concentrates data flow to the remote service and reduces transparency. These constraints expand scope to cross-network data transfer that isn't obvious from the description.
Install Mechanism
No install spec (instruction-only) and only a Python dependency (requests). No downloads or archive extraction are present in the manifest. Risk from install mechanism is low.
[!] Credentials
The skill requests no environment variables or credentials, which is appropriate, but it mandates querying an external API for all trend data. That means user-provided keywords and any context the agent sends will be transmitted off-platform to an unknown domain; this is a privacy/exfiltration concern even without explicit credential requests.
Persistence & Privilege
The skill is not 'always' enabled, does not request elevated privileges, and does not modify other skills or system configuration. Persistence/privilege level is appropriate.
What to consider before installing
This skill appears to do what it says (generate WeChat public-account copy) and includes a script that fetches trending-article data, but it requires using a single external API hosted at an unfamiliar domain (onetotenvip.com). That means any keywords or context you provide will be sent to that third party. Before installing or using:
1) Avoid sending sensitive or private keywords/data to this skill.
2) Request the maintainer/source of the endpoint and privacy/retention practices (no homepage/source is provided).
3) Inspect and (if needed) run scripts in a sandbox or isolated environment to observe network calls.
4) Consider replacing or auditing the data source (use a known/trusted API) if you need to process confidential inputs.
5) Note the shipped script appears truncated in the manifest — ask for the complete source and verify it matches the published behavior.

Like a lobster shell, security has layers — review code before you run it.

latest vk978kjw8ygxm58102j8r3tjtkd84v5wt
76 downloads
0 stars
1 versions
Updated 1w ago
v1.0.0
MIT-0

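WeChat Official Account Viral Content Analysis and Copy Generation

Usage Instructions (Entry Point)

The full execution specification for this skill has been moved into the reference documents and is not expanded directly in this file.

Before executing a task, you must first read and strictly follow:

  • references/usage_and_trigger.md (self-introduction, trigger scenarios, task objectives)
  • references/workflow.md (complete task workflow and writing guidelines)
  • references/output_template.md (output template and prohibited items)
  • references/gzh_trend_data_format.md (API data structure description)

Mandatory Requirements

  • Do not skip any step or validation item in the reference documents.
  • Viral-article data may only be obtained through the script interface; using other sources in place of the core analysis data is prohibited.
  • All script calls must use: scripts/fetch_gzh_trends.py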
