Content Claw
Security checks across malware telemetry and agentic risk
Overview
Content Claw is a coherent content-generation tool, but it needs review because some privacy/scope claims do not match the provided code and it can use account cookies to automate public Reddit/X actions.
Install only if you are comfortable with Playwright scraping, external APIs, and optional Reddit/X account automation. Use scoped FAL/Exa keys, avoid internal or sensitive PDFs/URLs until the temp-file cleanup issue is fixed, run in a sandbox, and do not provide platform cookies or publish live posts until you have reviewed the publishing script and tested dry-run mode.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A sensitive PDF supplied as source material could remain on disk outside the folder the user was told would contain all reads and writes.
PDF extraction stores retrieved source content in an OS temporary file with deletion disabled, which can leave a copy outside the skill directory despite the stated file-scope boundary.
SKILL.md: "This skill only reads and writes files within `BASE_DIR`... Never access ... any path outside"; extract.py: "with tempfile.NamedTemporaryFile(suffix=\".pdf\", delete=False) as f:"
Delete temporary PDFs in a finally block, use delete=True where possible, or store extraction artifacts only under BASE_DIR with explicit retention controls.
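As an added illustration (not code from the skill itself), the quoted `delete=False` pattern sits beside a hardened variant that keeps the extraction artifact under BASE_DIR and removes it in a `finally` block; `BASE_DIR`, the scratch directory and the byte-decoding stand-in for PDF parsing are assumptions for the demo.

```python
from __future__ import annotations
import os
import tempfile
from pathlib import Path

def extract_leaky(pdf_bytes: bytes) -> tuple[str, Path]:
    """Pattern quoted from extract.py: delete=False leaves the PDF in the OS temp dir."""
    with tempfile.NamedTemporaryFile(suffix=".pdf", delete=False) as f:
        f.write(pdf_bytes)
        path = Path(f.name)
    return pdf_bytes.decode("latin-1"), path  # decode stands in for real PDF parsing

def extract_scoped(pdf_bytes: bytes, base_dir: Path) -> tuple[str, Path]:
    """Hardened variant: artifact lives under BASE_DIR/tmp and is removed in finally."""
    tmp_root = base_dir / "tmp"
    tmp_root.mkdir(parents=True, exist_ok=True)
    fd, name = tempfile.mkstemp(suffix=".pdf", dir=tmp_root)
    path = Path(name)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(pdf_bytes)
        if outside_scope(path, base_dir):  # enforce the disclosed file-scope boundary
            raise PermissionError(f"{path} is outside {base_dir}")
        text = pdf_bytes.decode("latin-1")  # decode stands in for real PDF parsing
    finally:
        path.unlink(missing_ok=True)  # runs even if extraction raised
    return text, path

def outside_scope(path: Path, base_dir: Path) -> bool:
    """True when path does not resolve to a location under base_dir."""
    try:
        path.resolve().relative_to(base_dir.resolve())
        return False
    except ValueError:
        return True

def demo() -> dict:
    """Run both variants on a constructed payload inside a scratch BASE_DIR (assumed)."""
    sample = b"%PDF-1.4 constructed sample, not a real document"
    with tempfile.TemporaryDirectory() as scratch:
        base_dir = Path(scratch) / "BASE_DIR"
        base_dir.mkdir()
        _, leaky_path = extract_leaky(sample)
        leaked = leaky_path.exists() and outside_scope(leaky_path, base_dir)
        leaky_path.unlink(missing_ok=True)  # tidy up the leaked copy for this demo
        text, scoped_path = extract_scoped(sample, base_dir)
        return {"leaky_left_copy_outside_base_dir": leaked,
                "scoped_left_copy": scoped_path.exists(),
                "scoped_outside_base_dir": outside_scope(scoped_path, base_dir),
                "text_ok": text.startswith("%PDF")}
```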
Brand strategy or audience research details may be sent to Exa in search queries beyond what the privacy wording suggests.
The privacy notice says Exa receives only keyword-derived queries, but the code can include audience interests and pain points from the brand graph.
SKILL.md: "Only search queries derived from brand keywords are transmitted"; discover_topics.py: "pain_points = audience.get(\"pain_points\", [])" and "exa_queries.append(f\"{pain_points[0]} solutions {keyword_str}\")"
Disclose the exact brand-graph fields used in external queries and ask before sending potentially sensitive strategy or audience data.
If you provide platform cookies, the skill can act as your Reddit or X account for supported workflows.
The skill clearly discloses optional Reddit/X cookie use, but those cookies delegate account authority to the automation.
"Providing cookies grants the skill the ability to act as your account on those platforms for searching, posting, and reading engagement metrics."
Only provide cookies for accounts you are comfortable automating, inspect the publishing/tracking scripts first, and prefer scoped or separate accounts where possible.
A mistaken publish action could post content publicly under the user's account.
Publishing public posts through browser automation is high-impact, but it is disclosed, purpose-aligned, and described as user-controlled with a dry-run option.
"The publish script uses Playwright with your cookies to fill and submit post forms on Reddit/X. Review `scripts/publish.py` before enabling publishing. A dry-run mode is available to preview without posting."
Use dry-run first and require explicit confirmation before any live Reddit/X submission.
Scraping may violate some site terms, and running unsandboxed browser automation on arbitrary URLs can increase local exposure.
The skill uses headless browser scraping with anti-detection settings and disabled sandboxing; this is consistent with its extraction purpose but carries ToS and local-containment considerations.
SKILL.md: "stealth settings (hides webdriver property, custom user-agent) to avoid bot detection"; extract.py: "--disable-blink-features=AutomationControlled" and "--no-sandbox"
Run the skill in a sandboxed environment and avoid using it on sites where automated scraping is prohibited.
Future dependency or installer changes could affect what code runs locally.
The setup relies on external installer/package sources and unpinned dependency ranges, which is normal for this kind of Python tool but still a supply-chain trust point.
SKILL.md: "curl -LsSf https://astral.sh/uv/install.sh | sh"; pyproject.toml: "httpx>=0.27", "playwright>=1.49", "fal-client>=0.5", "exa-py>=1.0"
Review installer scripts, use a lockfile or pinned versions where possible, and install in an isolated environment.
