Back to skill
Skillv1.0.0
ClawScan security
AI Content — Xiaohongshu Content Production · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewApr 19, 2026, 11:25 AM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions broadly match a Xiaohongshu content pipeline, but the SKILL.md requires deploying a full web app and configuring multiple external API keys/databases while declaring no required environment variables—this mismatch and the potential for many credentials/config actions merit caution.
- Guidance
- This SKILL.md is a deploy-and-configure guide pointing to an external GitHub project. Before using or following it: 1) verify the referenced GitHub repository (CheeMao/ai-content) and review its source code, licenses, and recent commits; 2) run deployments in an isolated environment (VM/container) rather than your primary machine; 3) do not reuse high-privilege or long-lived credentials—create scoped API keys for AI/image services and separate DB credentials for the app; 4) expect to provide OpenAI-compatible model keys and image-generation keys even though the skill metadata doesn't list them; 5) be cautious about the data you allow the app to scrape or store (it will collect web content and media); 6) confirm the license restriction (Personal Use Only) matches your intended usage. If you need higher assurance, ask the publisher for an explicit list of required environment variables and a pointer to the exact repository tag/release to inspect.
Review Dimensions
- Purpose & Capability
- noteName/description align with the documented workflow (collection → topics → writing → images → scheduling). The SKILL.md is essentially a full-project deployment guide (git clone, Docker, Postgres, Redis, Node.js) which is coherent with building the described system. However, the skill does not declare any required environment variables or credentials even though the instructions require configuring model providers, image APIs, and database credentials.
- Instruction Scope
- okRuntime instructions stay within the domain of deploying and configuring a content-production app: cloning the repo, starting DB/Redis, running npm scripts, creating an admin account, and configuring AI model endpoints. The doc references web scraping / RSS ingestion and connecting to AI/image providers, which are expected for this purpose and do not instruct reading unrelated system files or exfiltrating data. Still, the instructions expect the user to supply multiple external credentials and to run network-enabled services.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files embedded in the skill bundle, so nothing will be written or executed by the skill itself during installation. The SKILL.md points to a GitHub repo for a third-party project; installing that project is outside the platform and should be reviewed manually.
- Credentials
- concernThe SKILL.md requires configuring AI model providers, image-generation APIs, Docker/Postgres/Redis, and creating admin credentials, but the skill metadata declares no required env vars or primary credential. This lack of declared credentials reduces transparency: the system will need API keys, DB credentials, and likely OAuth tokens, but the skill does not enumerate them or explain minimal scoping. Users could accidentally supply broad or reuse sensitive credentials.
- Persistence & Privilege
- okThe skill is not always-on and is user-invocable; it does not request persistent platform privileges. There is no indication it modifies other skills or platform-wide settings.