hot-topic-ideator
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent content-ideation skill; the main things to notice are its required ChatDAM API token, external API calls, and a small but not fully explained uv install dependency.
Before installing or using this skill, verify that you trust the ChatDAM/Tezign API, provide only a scoped CHATDAM_API_TOKEN, expect brand and search terms to leave your environment, and confirm whether the uv Homebrew install is actually needed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user must provide an API token; if the wrong or over-privileged token is used, the skill could consume or expose access tied to that API account.
The skill requires a bearer token and uses it for ChatDAM API requests. This is expected for the data source, but it gives the skill access to the user's API account or quota.
export CHATDAM_API_TOKEN="YOUR_TOKEN_HERE" ... --header "Authorization: Bearer ${CHATDAM_API_TOKEN}"Use a scoped ChatDAM token intended only for this service, rotate it if exposed, and avoid providing unrelated credentials.
Brand names, campaign context, and search terms may be sent to the external API provider during normal use.
The workflow sends generated keywords, note IDs, and the authorization header to an external Tezign/ChatDAM API. This is central to the skill's purpose, but it is still an external data boundary.
curl --request GET 'https://asset.tezign.com/chatdam/api/notes/search?keyword=[KEYWORD_URL_ENCODED]' ... GET https://asset.tezign.com/chatdam/api/hot-trends?limit=20
Use the skill only with brand or campaign information you are comfortable sending to the ChatDAM/Tezign API, and verify that provider is trusted for your use case.
Installing uv changes the local environment and may be unnecessary unless later workflow steps require it.
The skill declares a Homebrew-installed uv dependency. The provided artifacts contain no code files and the visible workflow mainly documents API calls, so the dependency is not fully explained by the shown instructions.
metadata: {"clawdbot":{"requires":{"bins":["uv"]},"install":[{"id":"uv-brew","kind":"brew","formula":"uv","bins":["uv"]Confirm why uv is needed before installing, and install it only from the expected Homebrew source if you choose to proceed.