Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

content-matrix-publisher

v1.0.0

Smart content-matrix distribution combo: generate multi-platform content in one step and distribute it automatically. It addresses content creators' efficiency pain point of getting many uses out of one piece of work ("一鱼多吃"), turning a single creation into Xiaohongshu image-and-text posts, WeChat Official Account articles, 视…

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The skill claims to publish to platforms (小红书, 公众号) and orchestrate discovery/summarization, which matches its purpose, but the package metadata lists no required env vars, credentials, or binaries. SKILL.md and README explicitly instruct users to provide a xiaohongshu web_session cookie and WeChat appid/secret and to install dependent skills (agent-reach, xiaohongshu-mcp, wechat-article-pro). Scripts call external CLIs (agent-reach, xiaohongshu-mcp, wechat-article-pro) and jq. Those dependencies are expected for the purpose but are not declared — an incoherence that could surprise users and lead to misconfiguration or accidental credential exposure.
[!] Instruction Scope
Runtime instructions and scripts perform network discovery (agent-reach searches multiple platforms), content extraction, and invoke platform-publishing CLIs. SKILL.md tells users to store sensitive credentials in ~/.openclaw/config.yaml. Scripts write temporary output to /tmp and call other skills/CLIs. The instructions therefore reach beyond pure text generation: they require web access, call external tools, and handle credentials — none of which are reflected in the declared requirements. The workflow.json also includes webhook and scheduled triggers (HTTP cron), which broaden the runtime scope.
Install Mechanism
No install spec / no remote downloads are present (instruction-only with bundled scripts/templates), which reduces install-time risk. The included helper scripts will be written to disk when the skill is installed, but there are no downloads from external URLs or archive extraction in the package itself.
[!] Credentials
The package metadata lists no required environment variables or primary credential, yet SKILL.md and README instruct storing sensitive credentials (xiaohongshu web_session cookie, WeChat appid/secret) in the user's ~/.openclaw/config.yaml and scripts expect platform CLIs to be available. This mismatch is problematic: the skill will need secrets to actually publish, but the platform metadata gives no upfront signal. Also, scripts expect jq and other CLIs that are not declared. Requesting cookies/app secrets for publishing is proportionate to the stated purpose, but failing to declare them is an availability/visibility concern and could lead to accidental credential exposure.
Persistence & Privilege
always:false (no forced inclusion) and disable-model-invocation:false (normal). workflow.json defines scheduled cron triggers and a webhook trigger, and config/default.yaml enables schedule:true by default. That means the skill can be configured to run unattended (scheduled/webhook). Auto-publish is false by default in examples (good), but configuration allows enabling auto_publish — review that setting carefully to avoid unintended autonomous posting.
What to consider before installing
This skill implements a plausible multi-platform publishing workflow, but its metadata is inconsistent with its runtime needs. Before installing or enabling it:

- Expect to provide sensitive credentials (xiaohongshu web_session cookie, WeChat appid/secret) in your ~/.openclaw/config.yaml — do not store secrets you are not comfortable exposing. The skill metadata does not declare these requirements, so you must add them manually.
- The scripts call other CLIs/skills (agent-reach, xiaohongshu-mcp, wechat-article-pro) and use jq; ensure you only install trusted implementations of those tools. Verify the xiaohongshu/wechat publisher CLIs are legitimate and review their code/config handling.
- By default publish.sh runs in DRY RUN mode; test thoroughly in dry-run before enabling auto_publish.
- Scheduled and webhook triggers exist; keep auto_publish disabled unless you want unattended publishing. If you enable scheduling or webhooks, review what network endpoints and credentials will be used and whether the webhook exposes a public endpoint.
- Because the package doesn't declare required env vars or binaries, inspect and validate the config files and scripts yourself (especially where credentials are read/stored) and consider running in an isolated/test environment first.

If you want more confidence, ask the skill author to: (1) declare required credentials and binaries in metadata, (2) avoid storing raw cookies/app secrets in plain config or provide clear guidance about secure storage, and (3) confirm which external CLIs/skills are required and where they come from.


latest: vk979d8ska1neep60177dvh7tch84rzya
