Content Generation

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may use the user's Brave API quota or search access when researching content.

Why it was flagged

The skill requires an external API key. This is credential-like access, but it is disclosed and fits the skill's research, fact-checking, and SEO functions.

Skill content

env: ["BRAVE_API_KEY"]

Recommendation

Use a limited, revocable Brave API key and monitor usage; do not provide unrelated credentials.

What this means

If used during research, the agent could run network or git-related commands, so users should review any proposed command activity.

Why it was flagged

The skill requires general-purpose network, JSON-processing, and source-control tools. The artifacts do not show destructive commands, but these tools are broader than simple text generation.

Skill content

bins: ["curl", "jq", "git"]

Recommendation

Allow command use only when it is clearly tied to the requested content task, and avoid granting access to private repositories unless needed.

What this means

Installing the skill may pull code from the npm package ecosystem, which can change over time if not pinned.

Why it was flagged

The skill installs an npm package despite being instruction-only. This is disclosed and not evidence of malicious behavior, but it introduces an external dependency.

Skill content

node | package: axios | creates binaries: axios

Recommendation

Verify the package source and version before installation, and prefer pinned dependencies or an isolated environment.