Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
article-writer
v1.0.0Senior technical article editor for creating well-structured articles from research. Use when user requests to write/create a technical article with keywords...
⭐ 0· 55·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's stated purpose (authoring and publishing technical articles) aligns with using search, organizing content, saving to Obsidian, and publishing to WeChat. However, the declared metadata lists no dependencies, env vars, or config paths while the instructions require other skills (tavily-search, wechat-toolkit, obsidian) and access to an Obsidian vault and WeChat publishing credentials. The missing declarations are disproportionate to the manifest and reduce transparency.
Instruction Scope
SKILL.md explicitly instructs use of tavily search, saving to /root/obsidian-vault/公众号文章/, and invoking a wechat-toolkit publisher script that requires WECHAT_APP_ID and WECHAT_APP_SECRET (and IP whitelisting). These environment variables and filesystem paths are referenced but not declared. The instructions also ask to create 'sub-Agents' and a verification sub-agent, which is vague and grants broad runtime discretion; that broadness combined with undeclared sensitive operations is concerning.
Install Mechanism
This is an instruction-only skill (no install spec, no code files), so there is no installer or download risk in the manifest itself. The runtime risk comes from invoking other skills and local scripts, not from an installation step.
Credentials
The instructions require WECHAT_APP_ID and WECHAT_APP_SECRET and expect an IP whitelist, yet requires.env is empty. The skill also expects read/write access to a root-level Obsidian vault path. Requesting publishing credentials and filesystem access is reasonable for a publishing workflow, but it must be declared explicitly — the omission is disproportionate and reduces the user's ability to assess risk.
Persistence & Privilege
always:false (no forced/global installation) and there is no explicit persistence mechanism in the manifest. The skill does reference and invoke other local skills and scripts, but it does not request to modify other skills or agent-wide settings. Still, autonomous invocation plus access to publishing credentials could broaden impact if combined with the other issues above.
What to consider before installing
Do not install or run this skill until the manifest accurately reflects what the runtime instructions require. Specifically: (1) Ask the publisher to add required env vars (WECHAT_APP_ID, WECHAT_APP_SECRET) and declare the expected config path (/root/obsidian-vault/公众号文章/) in requires.env / requires.config so you can review and control them. (2) Verify the wechat-toolkit script being invoked and confirm it handles secrets safely; inspect its code before granting credentials. (3) Confirm that tavily-search and obsidian skills referenced are trusted and understand what data they read/write. (4) Prefer running this skill in an isolated environment or sandbox with least privilege (dedicated Obsidian vault directory and ephemeral credentials) and avoid exposing broad root paths. (5) If you need autonomous publishing disabled, restrict agent autonomy or require explicit user confirmation before invoking wechat-toolkit. These changes would make the skill's intent and required privileges transparent and safer to use.Like a lobster shell, security has layers — review code before you run it.
latestvk97dn4f4j7x90zpkrq853et90h83e651
License
MIT-0
Free to use, modify, and redistribute. No attribution required.