ClawHub

DeepContent

v2.0.0

AI content marketing pipeline. Generate branded LinkedIn, X, and Reddit posts from any URL. Trigger on: "make a post from this", "turn this into content", "g...

0· 123·0 current·0 all-time
by@thierrypdamiba
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (content marketing pipeline -> generate social posts) align with what the SKILL.md asks the agent to do: call the DeepContent API, route intents, and present UX. The only required credential (DEEPCONTENT_API_KEY) is appropriate for an API-backed service.
Instruction Scope
Instructions are focused on routing/UX and API calls. However, the docs instruct the agent to 'Store the key for the session' and to 'note what the user changed' and store edits as memory for future runs — this implies persistent storage of user data and the API key. There are no directives to read unrelated files or environment variables, nor to transmit data to endpoints outside the stated API/frontend.
Install Mechanism
Instruction-only skill with no install spec and no code files. No binaries or downloads are requested, so nothing is written to disk by the skill itself.
Credentials
Only a single API key (DEEPCONTENT_API_KEY) is declared and used as the primary credential. That is proportionate and expected for the skill's purpose; no unrelated secrets or config paths are requested.
Persistence & Privilege
The skill does not request always:true and is user-invocable. But it explicitly tells the agent to store the API key in-session and to persist user edits/preferences as memory — this increases persistence and potential long-term access to user data. Confirm what storage is used and whether storing the API key is encrypted/consented.
Assessment
This skill is coherent with its stated purpose, but before installing you should: (1) Verify the DEEPCONTENT_API_KEY scope and create a least-privilege key if possible. (2) Ask where the agent will store the session key and any persistent 'memory' (encrypted agent vault, ephemeral session only, or long-term memory?) and whether you can opt out of memory. (3) Test with non-sensitive URLs first — anything you send (including scraped page content) may be stored by the skill or the service. (4) Verify the frontend/api domains are legitimate and review the OpenAPI spec at the provided base URL to confirm endpoints and timeouts. (5) Confirm retention and deletion policies for generated posts, stored edits, and any org/team invites. If these answers are unsatisfactory, do not provide a production API key or enable persistent memory.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e4qcpndyxw3qg3kvgfsz1t183by7h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
EnvDEEPCONTENT_API_KEY
Primary envDEEPCONTENT_API_KEY

Comments