ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Press Release Writer

v1.0.1

Write professional press releases for any occasion, media type, and country. Use when the user wants to write, draft, or improve a press release, communiqué...

0· 74·0 current·0 all-time
bySamuel Berthe@samber
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name, description, and included reference files (release types, regional conventions, media formats, email pitch guide) align with a press-release writing skill. No binaries, env vars, or unrelated requirements are requested.
!
Instruction Scope
Runtime instructions are detailed and focused on collecting context, selecting templates, producing headlines/drafts, and quality checks. However Step 6b (truncated) directs the agent to "Invoke a humanizer skill (e.g. 'humanize', 'humanizer', 'de-slop', 'AI detection cleanup', 'rewrite like a human') to remove AI-gener..." — this explicitly encourages invoking another capability to remove signs of AI generation, which could be used to evade detection or attribution and is out-of-scope for purely producing improved copy. Also the skill includes crisis/earnings templates where legal/regulatory review is recommended but the instructions do not require such review before publication.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk by an installer; lowest install risk.
Credentials
The skill requests no environment variables, credentials, or config paths. The required tools (Read/Edit/Write/Glob/Grep/Agent/AskUserQuestion) are consistent with reading reference files and interacting with the user; they don't imply disproportionate access.
Persistence & Privilege
always:false and user-invocable:true. The skill is not force-included and does not request system-wide configuration changes or persistent privileges. Autonomous invocation is allowed by platform default but not combined with other privilege escalations here.
What to consider before installing
This skill is coherent with its stated purpose and contains extensive, sensible templates and checks. Two things to consider before installing: 1) The SKILL.md explicitly tells the agent to invoke a "humanizer" (e.g., "AI detection cleanup") to remove traces of AI generation. That can be used to obscure the origin of text and to evade detectors — decide whether you are comfortable with automated removal of AI provenance and review any legal/ethical obligations (journalistic disclosure, regional AI labeling regulations) before allowing that behavior. If you install, consider disabling or gating calls to external "humanizer" skills or require explicit user consent each time. 2) The skill provides crisis and earnings templates that involve sensitive or regulated disclosures. Make sure outputs intended for real publication are reviewed by legal/compliance and that you do not paste or request sensitive PII, secrets, or regulated financial data into the skill without appropriate safeguards. Other recommendations: confirm the provenance and permissions of any auxiliary skills (e.g., docx or humanizer) that this skill may call, and avoid sending unrevised, sensitive data into external services or other skills you haven't audited.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ckqh48b58d2e6h7an68yp6h83w07y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📰 Clawdis

Comments