Security Scan
OpenClaw
Suspicious
Medium confidence: The skill largely does what its description says, but the shipped script requires undeclared binaries (openclaw CLI, python3) and will forward user content to an agent process without explicitly documenting that behavior; these mismatches are concerning.
Assessment recommendations
Before installing or using this skill: 1) Be aware the included analyze.sh calls 'openclaw agent --local' and python3 but the skill metadata does not declare those binaries; verify you have these tools and understand what 'openclaw' will do (local-only vs. remote API calls). 2) Do not paste sensitive or private content until you confirm where the openclaw CLI sends data and whether it leaves your machine. 3) Prefer skills that explicitly list runtime dependencies and explain any network/model int...
⚠ Purpose and capabilities
Name/description (convert long-form text into social threads) matches the code's goal, but the package metadata claims no required binaries while analyze.sh clearly invokes external programs (openclaw agent, python3, date). The missing declared dependency on the openclaw CLI is disproportionate to the simple transformation purpose and is an inconsistency.
⚠ Instruction scope
SKILL.md and analyze.sh instruct the agent to send the user's input to the 'openclaw agent --local' CLI. That will hand user content to another process (likely a model runtime). The script does not document where that data goes, whether it stays local, or whether network calls occur—so the instructions allow transmitting user content to an external service without disclosure. The script otherwise only reads its CLI args and emits generated text; it doesn't access other system files.
✓ Install mechanism
This is an instruction-only skill with no install spec and a single shell helper script. Nothing is downloaded or extracted during install. Low install footprint.
ℹ Credential requirements
requires.env lists nothing, which is consistent with no API keys, but analyze.sh depends on the 'openclaw' CLI and python3 at runtime. If the 'openclaw' CLI needs credentials or remote model access, that is not declared. No environment variables requesting secrets are present in the repository, but the script's runtime dependency could implicitly require credentials on the host.
✓ Persistence and privileges
always is false and the skill has no install step that modifies agent configuration or persists credentials. The script only runs when invoked and writes no files; no elevated or persistent privileges are requested.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/3/23
- Initial release of Social Thread Converter.
- Instantly converts long-form content (articles, blogs, ideas) into platform-optimized threads for X/Twitter, LinkedIn, or Threads.
- Includes full thread scripts with hooks, numbered tweets, and a strong closer.
- Ensures each post stays within platform character limits.
- Suggests engagement tactics like polls, images, and CTAs.
- Supports flexible prompts for various platforms and content styles.
● Suspicious
Install command
Official: npx clawhub@latest install social-thread-converter
Mirror: npx clawhub@latest install social-thread-converter --registry https://cn.clawhub-mirror.com
Skill documentation
Turn any content into a viral thread — optimized for X/Twitter, LinkedIn, or Threads.
Usage
thread: convert this blog post into a Twitter thread: [paste content]
X thread: turn this into a viral thread about productivity
LinkedIn thread: make a post from this article about AI trends
thread maker: [paste long text] → X thread
What You Get
- Full Thread Script — every tweet/post numbered and character-checked
- Hook Tweet — 3 options for the opening
- Thread Structure — intro → value → close framework
- Character Count — each tweet verified under 280 chars
- Engagement Tactics — where to add polls, images, or quotes
- Closing Tweet — follow/retweet CTA options
Data source: ClawHub · Chinese localization: 龙虾技能库