📦 Content Ideas — Content Inspiration

v1.0.0

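Aggregates trending topics from RSS, Reddit, Hacker News, X/Twitter and web search, and generates an actionable list of content topics in one click, solving the problem of running out of ideas.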

0 · 549 · 1 current · 1 total
by @dimitripantzos (DimitriPantzos)
Last updated: 2026/4/22
Security scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Assessment recommendation
This skill could do what it says, but review before enabling: 1) The SKILL.md tells the agent to execute a node script at /root/clawd/skills/rss-reader/scripts/rss.js which modifies another skill's feeds — verify that path and script exist and inspect its contents; do not allow arbitrary modification of other skills without review. 2) Confirm where credentials for X/Twitter or other APIs will come from; the manifest lists none, so the skill will rely on other installed skills or attempt unauthen...
Detailed analysis
Purpose and capability
The name/description (content idea aggregation from RSS/Reddit/HN/X/web) matches the instructions to pull from those sources and produce idea outputs. However, the SKILL.md instructs the agent to call other local skill scripts (e.g., a node script under /root/clawd/skills/rss-reader) and to read/write local config files, which is more system-level access than a simple 'content idea' generator normally requires.
Instruction scope
The instructions tell the agent to execute host-local commands (node /root/clawd/skills/rss-reader/scripts/rss.js add ...) and to load files (brand-voice/profile.json, content-ideas/config.json) and write scheduled outputs to content-ideas/... — these are explicit file I/O and modification operations outside a purely read-only aggregation flow. They also direct modification of another skill's configuration (rss-reader). The SKILL.md gives broad discretion to 'check configured sources' and 'search for trending topics', which could lead to use of platform credentials or scraping without explicit constraints.
Install mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be downloaded or written at install time by the registry. The runtime instructions are where the risk appears (commands the agent may be told to run), not an installer.
Credential requirements
The skill declares no required env vars or credentials, which is consistent with its manifest. However, the SKILL.md expects access to external services (Twitter/X, possibly authenticated APIs for engagement metrics) via other skills (bird, x-twitter, web_search). Those integrations typically require API keys or tokens — the skill does not describe where credentials come from. Also, it instructs reading/writing local files (brand-voice/profile.json) without specifying path security or permission expectations.
Persistence and privilege
The instructions explicitly direct writing config and output files under content-ideas/ and recommend scheduling cron jobs to run generation tasks. More importantly, they show commands that modify another skill's configuration (rss-reader) by calling scripts under /root/clawd/skills/rss-reader — that constitutes modifying other skills' data/config and is a privilege escalation beyond touching only its own files.
Security is layered; review the code before running.

Runtime dependencies

No special dependencies

Versions

latest v1.0.0 2026/2/22

Suspicious

Install command

Official: npx clawhub@latest install content-ideas
Mirror: npx clawhub@latest install content-ideas --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库