Blog Content Processor
PassAudited by ClawScan on May 11, 2026.
Overview
This appears to be an incomplete but not suspicious content-processing skill; it references missing local code and dependencies that should be verified before use.
This skill looks benign but incomplete. Before installing or running it, make sure you have the actual implementation file, understand where it came from, and review the npm dependencies because the current artifacts do not contain executable code.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not run as provided, and a user would need to fetch or create additional code before it works.
The package declares a runnable main file and external npm dependencies, but the provided manifest contains only SKILL.md and package.json and no install spec or lockfile. This is an incomplete/provenance gap, not evidence of malicious behavior.
"main": "index.js", ... "dependencies": { "rss-parser": "^3.12.0", "ffmpeg-static": "^5.1.0" }Only run this after obtaining the missing implementation from a trusted source, reviewing the code, and pinning/verifying dependencies.
Running the command would execute local JavaScript code if an index.js is later added or obtained elsewhere.
The skill documents local Node.js execution. This is purpose-aligned for a content processor, but the referenced code is not included in the reviewed artifacts.
node index.js --feed <rss-url> --output ./gifs
Review the actual index.js and installed packages before executing the command, especially if the code is sourced outside this package.