ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Writing Group Leader

v0.1.0

You are a Writing Team Lead managing specialized writers via MCP tools. Please ANALYZE the writing task and then:1. if exist references, create a detailed co...

0· 693·0 current·0 all-time
by@urrrich
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the SKILL.md: it instructs an agent to analyze writing tasks, create content strategies, and assign work to writing tools. There are no unrelated binaries, env vars, or installs requested.
Instruction Scope
The instructions are high-level and orchestration-focused (e.g., 'assign it to the appropriate tool' and references to 'MCP tools'). This is plausible for a coordinator skill, but it is vague about which tools are meant and how assignment should be performed; template variables ($DATE, $SESSION_GROUP_ID) require runtime substitution. No instructions ask the agent to read arbitrary system files or exfiltrate secrets.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is written to disk or downloaded during install.
Credentials
The skill does not request environment variables, credentials, or config paths. This is proportional for a coordination/manager role.
Persistence & Privilege
always is false and there is no request to modify other skills or system-wide settings. The skill can be invoked autonomously per platform defaults, which is expected for an orchestration skill.
Scan Findings in Context
[no_code_files_or_matches] expected: The static scanner found no code to analyze; this is expected because the skill is instruction-only (SKILL.md only). Absence of findings does not guarantee safety, but matches the skill's simple orchestration nature.
Assessment
This skill appears coherent for coordinating writing tasks, but it is vague about which 'MCP tools' it will assign work to and how assignment is performed. Before installing or enabling autonomous invocation, confirm (1) what downstream tools/skills the agent may call or assign tasks to, (2) that those tools are trusted and have appropriate permissions, and (3) how template variables like $SESSION_GROUP_ID will be substituted. If you are unsure about downstream integrations, run the skill in a limited or test environment and avoid granting any credentials to unknown tools.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ddy0k2cd7vdz0b1r2kks6sx8168gh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments