ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Max Content Machine

v1.0.0

Autonomous 24/7 affiliate content production pipeline for OpenClaw agents. Orchestrates research → brief → article writing → quality gate → deploy. Supports...

0· 411·0 current·0 all-time
by@sonnenberglauramarie-afk

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sonnenberglauramarie-afk/max-content-machine.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Max Content Machine" (sonnenberglauramarie-afk/max-content-machine) from ClawHub.
Skill page: https://clawhub.ai/sonnenberglauramarie-afk/max-content-machine
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install sonnenberglauramarie-afk/max-content-machine

ClawHub CLI

Package manager switcher

npx clawhub@latest install max-content-machine
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The claimed purpose (automated research→write→quality→deploy pipeline) aligns with the listed actions (running quality checks, using wrangler to deploy to Cloudflare, updating sitemaps). However the skill does not include any of the scripts it instructs the agent to run (quality_gate.py, pipeline_controller.py, post_article.py, etc.), and the registry metadata declares no required env vars or binaries even though Cloudflare and Amazon affiliate integration are central to the stated purpose. That mismatch is unexpected but not impossible (the skill may rely on the user's existing repo), so it is a design inconsistency rather than definitive malice.
!
Instruction Scope
SKILL.md instructs the agent to read and write many local files (KEYWORD-BACKLOG.md, article templates, sitemap), run local scripts (python3 quality_gate.py), and perform network actions (wrangler deploy, cache purge). It also tells the user to "Set up Cloudflare API token" and to configure Amazon affiliate tags. The instructions are specific about actions but do not say how secrets should be provided or protected. Because the skill is instruction-only and references non-included scripts, an agent acting on these instructions could access arbitrary workspace files and publish content using external credentials—the scope is broad and the absence of included code makes the runtime behavior opaque.
Install Mechanism
There is no install spec and no code files; this is instruction-only. That minimizes supply-chain install risk (nothing will be downloaded or written by an installer), but it also means the scanner had no code to analyze and the agent will rely on user-provided scripts and system tooling (python, wrangler).
!
Credentials
The instructions require a Cloudflare API token and Amazon affiliate tags for normal operation, but the skill metadata declares no required environment variables or primary credential. This omission is inconsistent and risky: the agent will need credentials to deploy and insert affiliate links, yet there is no guidance in the skill about how to supply or scope those credentials, and no explicit required env vars were declared. That increases the chance of misconfiguration or accidental credential exposure.
Persistence & Privilege
The skill is not marked always:true and uses default autonomous invocation settings. That is normal for an automation skill that is expected to run pipeline tasks. There is no evidence the skill attempts to modify other skills or agent-wide configuration. Still, because it performs publishing actions, granting it autonomous execution should be considered carefully.
Scan Findings in Context
[no-regex-findings] unexpected: The regex-based scanner found no code because this is an instruction-only skill (only SKILL.md and _meta.json present). Absence of findings is not evidence of safety; the SKILL.md itself contains commands and credential requirements that could have security implications when executed by an agent.
What to consider before installing
Do not install or enable this skill until you validate a few items: 1) Obtain the full source repository or the actual pipeline scripts (quality_gate.py, pipeline_controller.py, post_article.py, etc.) and review them for hidden network endpoints, credential exfiltration, or obfuscated logic. 2) Require the skill to declare exact environment variables it needs (e.g., CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID, AMAZON_AFFILIATE_TAG) and explain where/how they are stored (avoid embedding secrets in plaintext files). 3) Confirm which Cloudflare account will be used and limit the token scope to only what is needed (deploy & cache-purge). 4) Run the pipeline in an isolated/test environment first and audit network calls and file writes. 5) If you must allow autonomous invocation, restrict its permissions and monitor its activity (audit logs, rotated tokens). Because the skill can publish content and use affiliate links, also verify it complies with your legal/policy requirements for automated publishing and affiliate disclosures.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bwn7ktvw6xwjnjvr8je1n5x82h4vr
411downloads
0stars
1versions
Updated 21h ago
v1.0.0
MIT-0
@sonnenberglauramarie-afk
latest
Download

Content Machine — Autonomous Affiliate Content Pipeline

What this skill does

Turns keywords into published SEO articles automatically:

  1. Research (Lena) — SERP analysis, content gaps, Amazon product check
  2. Brief — structured content plan per keyword
  3. Write (Felix) — 2500+ word article with AEO/GEO optimization
  4. Quality Gate — 20-point automated check (H1, word count, FAQ, images, links)
  5. Deploy — Cloudflare Workers/Pages with cache purge

When to use

  • Building niche affiliate sites at scale
  • Automating content production with multi-agent systems
  • Maintaining quality standards across large article batches

Pipeline flow

KEYWORD-BACKLOG.md
    ↓
Lena (Research Agent) → content-brief.md
    ↓
Felix (Content Agent) → article.html
    ↓
Quality Gate (python3 quality_gate.py)
    ↓ PASS
Deploy (wrangler deploy)
    ↓
Sitemap update + Cache purge

AEO/GEO Rules (built-in)

Every article must have:

  • H2 starts with 2-3 sentence quotable answer (bold)
  • Min. 1 comparison table with concrete numbers
  • FAQPage JSON-LD schema
  • dateModified schema
  • Neutral ranking (no self-promotional listicles)

Quality Gate checks

  • H1 present and keyword-rich
  • Min. 2500 words
  • FAQPage schema
  • 4 images (1 eager + 3 lazy)
  • 5+ internal links
  • Amazon affiliate links with correct tag
  • Author box (last element)
  • Meta description (max 155 chars)

Setup

  1. Create KEYWORD-BACKLOG.md with target keywords
  2. Configure site paths and Amazon affiliate tags
  3. Set up Cloudflare API token
  4. Run pipeline via heartbeat or cron

File structure

/your-site/
  ARTIKEL-VORLAGE.html   ← Article template
  quality_gate.py        ← Quality checker
  wrangler.toml          ← Cloudflare config
  sitemap.xml            ← Auto-updated

/workspace/
  KEYWORD-BACKLOG.md     ← Keyword queue
  scripts/
    pipeline_controller.py
    post_article.py
    generate_felix_brief.py

Comments

Loading comments...