ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Marketing Agent

v1.0.0

Automatisiert Content erstellen, posten und Engagement tracken für PawArtis, Trading Signale und Freelance Services auf TikTok, Instagram, Telegram und Website.

0· 121·0 current·0 all-time
by@bwtomekk-bit

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bwtomekk-bit/marketing-agent.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Marketing Agent" (bwtomekk-bit/marketing-agent) from ClawHub.
Skill page: https://clawhub.ai/bwtomekk-bit/marketing-agent
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install marketing-agent

ClawHub CLI

Package manager switcher

npx clawhub@latest install marketing-agent
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and SKILL.md align on a marketing automation goal (content planning, creation, posting, tracking). However, the skill declares no required credentials, APIs, or install steps even though programmatic posting and engagement tracking normally require platform credentials or integrations. That absence is an unexplained gap: either the skill is intended as a planner (no automation) or it expects to request credentials at runtime — this should be clarified.
Instruction Scope
SKILL.md is high-level and stays within marketing tasks (plan, create, prepare, track). It does not instruct reading local files or environment variables, nor does it name specific endpoints. But it is vague: "track engagement" and "post" give the agent broad discretion about how to obtain analytics or publish content. Vague/open-ended instructions can lead to the agent prompting for or requesting access to unrelated data or credentials at runtime.
Install Mechanism
Instruction-only skill with no install spec and no code files. Low install-surface risk because nothing is written to disk by the skill package itself.
!
Credentials
The declared requirements list no environment variables, secrets, or primary credential. That is disproportionate to the stated capability of automated posting and analytics retrieval, which normally require OAuth tokens or API keys for each platform. The lack of declared credentials either means the skill cannot perform automated posting/tracking, or it will ask for or expect credentials at runtime — a behavior that should be explicit and justified.
Persistence & Privilege
Skill does not request persistent/always-on presence (always: false) and does not declare elevated privileges. It is user-invocable and can be called by the agent normally; nothing in the metadata suggests system-level persistence or modification of other skills.
What to consider before installing
This skill's intent (plan, create, schedule posts, and track engagement) is reasonable, but it is vague about how it will connect to TikTok, Instagram, Telegram, and your website. Before installing or using it: - Ask the publisher how it will authenticate to each platform (OAuth, API keys, or manual export) and whether it stores credentials. Do not hand over full account passwords to an unknown skill. - Require least-privilege tokens (scoped API keys / OAuth with limited scopes) and prefer revocable tokens. Test with a throwaway account first. - Clarify whether the skill will post autonomously or only prepare drafts for manual approval; autonomous posting requires stronger trust. - Ask where analytics data and any stored drafts or credentials are saved, for how long, and who can access them. - If the skill asks at runtime for files, shell access, or system credentials, treat that as a red flag. Given the unknown source and the mismatch between claimed capabilities and declared requirements, proceed cautiously — treat this as a planning/advice-only tool unless the author provides explicit, secure integration details.

Like a lobster shell, security has layers — review code before you run it.

latestvk971169k0nve9dh779qfy4dnph83d9xt
121downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@bwtomekk-bit
latest
Download
<objective> Automatisches Marketing für unsere Projekte: PawArtis App, Trading Signale, Freelance Services. Erstellt Content, plant Posts, tracket Engagement. </objective> <principles> ## Marketing-Fokus

Kanäle

  • TikTok/Instagram (kurze Videos)
  • Telegram (Signale, Updates)
  • Website/Blog (SEO Content)

Content-Typen

  • Trading Signals (Charts, Erklärungen)
  • App-Demos (PawArtis)
  • Freelance Angebote (Website Showcase)

Automatisierung

  • Content planen (Wochen ahead)
  • Post-Schedule erstellen
  • Engagement tracken </principles>
<process> ## Marketing-Routine <step> <action>Content Plan erstellen</action> <details> - Was diese Woche posten? - Welche Topics? - Wie viele Posts pro Kanal? </details> </step> <step> <action>Content erstellen</action> <details> - Shorts/Scripts schreiben - Captions für Insta - Signal-Posts formatieren </details> </step> <step> <action>Post vorbereiten</action> <details> - Hashtags recherchieren - Timing optimieren - Link in Bio ready </details> </step> <step> <action>Tracken</action> <details> - Views/Engagement zählen - Was funktioniert? - Nächste Woche anpassen </details> </step> </process> <triggers> - Täglich (Content planen) - Vor jedem Trade-Signal - Nach App-Major Updates - Wöchentlich (Analytics) </triggers>

<success_criteria>

  • X Posts/Woche
  • Trading Channel Growth
  • Freelance Lead Generation
  • App Downloads </success_criteria>

Comments

Loading comments...