ClawHub

Substack Ghostwriting

v1.1.3

Write, optimize, and grow Substack content — both newsletter issues (email-first) and web posts (web-first articles/essays). Covers ghostwriting with voice m...

0· 121·0 current·0 all-time
bySamuel Berthe@samber
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md: the skill is a ghostwriting/content-optimization assistant for Substack. It declares no binaries, no env vars, and the instructions focus on voice extraction, content planning, formatting, SEO, and distribution — all appropriate for the stated purpose.
Instruction Scope
Instructions reasonably stay within scope (interview the user, request voice samples, fetch public Substack posts when the user supplies a URL, consult included references). Note that the skill asks for potentially sensitive user-provided artifacts (transcripts, Slack messages, internal comms) and permits web fetches — users should avoid sharing private credentials or confidential content. The SKILL.md does not instruct reading arbitrary system files or accessing credentials.
Install Mechanism
No install spec and no code files — instruction-only. Lowest-risk install posture: nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The allowed tools include WebFetch/WebSearch/Agent, which is appropriate for fetching public posts or documentation; no disproportionate credential access is requested.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request permanent/system-level presence or elevated privileges. Autonomous invocation is allowed by default but that is platform normal and not combined with other red flags here.
Assessment
This skill is internally coherent and doesn't ask for credentials or install code, but be cautious about what you provide: only share voice samples, transcripts, or private messages that you explicitly want the assistant to read. Do not paste secrets, account cookies, or private keys. If you ask the agent to fetch a Substack URL that is behind a paywall, it may not be able to access it without credentials — do not supply login details. Also confirm you have permission to ghostwrite in someone else's voice and review any drafts for factual accuracy and legal/ethical concerns before publishing.

Like a lobster shell, security has layers — review code before you run it.

latestvk973qjnq6daa893akvtbpg3yzs83zxae

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📰 Clawdis

Comments