ClawHub

Ai Content Generator

v1.0.0

Generate blog posts, social media content, marketing emails, product descriptions, and SEO-optimized copy using AI.

0· 291·1 current·1 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name and description match a content generator. However, SKILL.md states an OpenAI API key and Python 3.8+ are required, while the registry metadata lists no required env vars or dependencies and the included script is a local placeholder that does not call OpenAI or Python. This mismatch is unexplained.
!
Instruction Scope
Runtime instructions simply run ./generate.sh. The SKILL.md mentions external API credentials and Python but gives no concrete integration steps. The instructions are incomplete/vague — they claim external network usage but the provided script performs only local text output.
Install Mechanism
No install spec and no downloads; the skill is instruction-only with a small shell script. Nothing is written to disk beyond the provided files, so install risk is low.
!
Credentials
No environment variables are declared in the manifest, yet SKILL.md claims an OpenAI API key is required. The skill does not declare a primary credential or request secrets, so the documentation and declared requirements are inconsistent.
Persistence & Privilege
Defaults are used (always: false, agent invocation allowed). The skill does not request persistent presence or modify other configs; no elevated privilege is requested.
What to consider before installing
The shipped generate.sh is a harmless placeholder that prints content locally. However, the SKILL.md mentions needing an OpenAI API key and Python while the manifest does not declare any credentials and the script doesn't use them — this inconsistency could mean the skill is incomplete or will be updated to call external services. Before installing or providing any API keys: (1) ask the author for a clear implementation that shows how the key is used and where network calls are made; (2) inspect any future changes for network endpoints or code that reads environment variables; (3) avoid supplying secrets (OpenAI API key or other tokens) until you verify the code; and (4) prefer published/verified skills from known sources for production use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97990pyazaye8bgpqhneje2cs828n74

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments