Blog Content Processor

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: blog-content-processor
Version: 10.0.0

The skill bundle contains metadata and documentation for a blog content processor designed to extract videos from RSS feeds and generate GIF previews. The dependencies listed in package.json (rss-parser and ffmpeg-static) are standard for the stated functionality, and the SKILL.md instructions align with the tool's purpose without any indicators of malicious intent, data exfiltration, or prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may not run as provided, and a user would need to fetch or create additional code before it works.

Why it was flagged

The package declares a runnable main file and external npm dependencies, but the provided manifest contains only SKILL.md and package.json, with no install spec or lockfile. This is a completeness and provenance gap, not evidence of malicious behavior.

Skill content

"main": "index.js", ... "dependencies": { "rss-parser": "^3.12.0", "ffmpeg-static": "^5.1.0" }

Recommendation

Only run this after obtaining the missing implementation from a trusted source, reviewing the code, and pinning/verifying dependencies.

What this means

Running the command would execute local JavaScript code if an index.js is later added or obtained elsewhere.

Why it was flagged

The skill documents local Node.js execution. This is purpose-aligned for a content processor, but the referenced code is not included in the reviewed artifacts.

Skill content

node index.js --feed <rss-url> --output ./gifs

Recommendation

Review the actual index.js and installed packages before executing the command, especially if the code is sourced outside this package.