ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Content Draft Generator

v1.0.2

Generates new content drafts based on reference content analysis. Use when someone wants to create content (articles, tweets, posts) modeled after high-perfo...

1· 2.6k·5 current·6 all-time
by@vincentchan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe producing content from reference examples; the SKILL.md and reference docs only require fetching reference URLs, analyzing structure, generating prompts, and saving drafts—all consistent with that purpose.
Instruction Scope
Instructions explicitly tell the agent to fetch up to 5 reference URLs (via a web_fetch tool), transform Twitter/X links to api.fxtwitter.com, analyze content, and save multiple files. This is expected behavior for a content-synthesis skill, but fetching arbitrary URLs means the agent will contact external hosts and may send URL metadata to third parties (e.g., fxtwitter). Advise not to provide private/internal URLs or secrets as part of references or interview responses.
Install Mechanism
No install spec and no code files to execute—this is an instruction-only skill, which minimizes on-disk risk. Nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required env vars, no credentials, and no config paths. The SKILL.md does not request API keys or other system secrets. This is proportional for the stated functionality.
Persistence & Privilege
always is false and the skill writes generated files to skill-local directories (content-breakdown/, content-anatomy/, etc.). It does not request persistent platform-wide privileges or modify other skills. Note: the skill's instruction to 'preserve all generated files—never overwrite' means outputs will accumulate unless the user/agent cleans them up.
Assessment
This skill appears to do what it claims: fetch example URLs, analyze them, produce guides and drafts, and save files. Before installing or using it, consider the following: (1) do not provide private, internal, or sensitive URLs (the skill fetches arbitrary web addresses and will contact external hosts); (2) the skill will convert Twitter/X links to an api.fxtwitter.com endpoint — that means third-party servers will see those URLs/requests; avoid including private tweets or data you don't want shared; (3) the skill will ask up to 10 interview questions and store those answers in files — avoid pasting secrets, credentials, or private PII into responses; (4) generated files are preserved and never overwritten by design, so plan for storage/cleanup; (5) if you need stricter network controls, confirm how your agent's web_fetch tool is governed (e.g., allowed hosts, request logging) before use. Overall the skill is coherent and not requesting disproportionate privileges, but exercise usual caution with the URLs and content you feed it.

Like a lobster shell, security has layers — review code before you run it.

latestvk9793v2939qpb1fe42xs5g8z8s81414z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments