Skill v1.0.1

ClawScan security

Red book content creation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 27, 2026, 2:40 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and instructions match its stated purpose (generate Xiaohongshu-style HTML + screenshots) and it does not request unrelated credentials or persistently modify the system.
Guidance
This skill appears to do what it says: generate styled HTML and create screenshots locally. Before installing/running:
1) ensure wkhtmltoimage and the Python imgkit dependency are installed and available on PATH (the tool depends on them);
2) review and test the scripts in a safe, writable workspace—generate_content.sh uses sed -i to replace placeholders and references unset variables (SUBTITLE, TAGS) which may yield empty fields or break on some systems (BSD sed vs GNU sed differences);
3) note the SKILL.md examples use an absolute /root path—adjust to your environment;
4) the screenshot script uses a fixed estimated content height and will create multiple chunk images—check outputs for completeness;
5) the skill runs locally and does not exfiltrate data, but avoid feeding it sensitive secrets since it will create files in the skill workspace.
If you need further assurance, run the scripts on non-sensitive sample content and confirm behavior before using with real posts.

Review Dimensions

Purpose & Capability
ok: Name/description, HTML templates, and the two scripts all align with producing styled HTML and screenshots for 小红书 posts. There are no unexpected credentials, remote endpoints, or binaries requested that would be incoherent with the stated purpose.
Instruction Scope
note: SKILL.md and scripts stay within content generation and local screenshotting. Minor issues: the README examples reference an absolute /root/.openclaw path (example-only), and generate_content.sh replaces several placeholders (SUBTITLE, TAGS) even though those variables are not defined in the script—this is an implementation bug rather than malicious behavior. The scripts only read user-provided content and write outputs in the skill directory; they do not access other system files or environment secrets.
Install Mechanism
ok: There is no install spec and no external downloads. The tool relies on local binaries (wkhtmltoimage) and Python libraries (imgkit); requiring those is reasonable for HTML→image conversion. No network fetches or obscure install sources are present in the repository.
Credentials
ok: The skill requests no environment variables or credentials. The only external requirements are typical system tools (wkhtmltoimage, ImageMagick, Python3) that are proportionate to rendering and screenshotting HTML.
Persistence & Privilege
ok: always:false and user-invocable defaults are used. The skill writes outputs into its own outputs/ directory; it does not modify other skills or system-wide configuration. It does not request privileged or persistent presence.