Trusted — Risk Score 5/100
Last scan: 16 hr ago
AI Copywriting Generator / AI 文案生成器
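Generate viral marketing copy in one click, covering 20+ scenarios including Xiaohongshu, Douyin, WeChat Moments, and e-commerce product detail pages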
A straightforward AI copywriting generation tool with no malicious behavior detected; all functionality is properly documented and uses legitimate API calls.
Skill Name: AI Copywriting Generator / AI 文案生成器
Duration: 27.4s
Engine: pi
Safe to install
Approve for use. Consider documenting network access in SKILL.md for full transparency.

Findings 1 items

Severity: Low
Finding: Network access not declared in SKILL.md (Doc Mismatch)
Location: copywriting_gen.py:36
The SKILL.md does not document that the skill makes outbound network requests to the OpenClaw API. This is a minor transparency gap — the network access is necessary for the core AI copywriting feature, and no sensitive data is exfiltrated.
    client = OpenClaw(api_key=self.api_key)
    response = client.chat.completions.create(...)
→ Add 'network: READ' to the allowed-tools mapping in SKILL.md documentation to improve transparency.
| Resource | Declared | Inferred | Status | Evidence |
| Filesystem | NONE | NONE | | No file reads or writes in copywriting_gen.py |
| Network | NONE | READ | ✓ Aligned | copywriting_gen.py:36 - client.chat.completions.create() makes outbound API call… |
| Shell | NONE | NONE | | No subprocess, os.system, or shell execution calls found |
| Environment | NONE | READ | ✓ Aligned | copywriting_gen.py:35 - reads OPENCLAW_API_KEY, which is necessary for the core … |
| Skill Invoke | NONE | NONE | | No skill-to-skill invocation detected |
| Clipboard | NONE | NONE | | No clipboard access found |
| Browser | NONE | NONE | | No browser automation found |
| Database | NONE | NONE | | No database access found |
1 findings
Medium External URL
https://discord.gg/clawd
SKILL.md:55

File Tree

2 files · 5.9 KB · 197 lines
Python 1f · 138L Markdown 1f · 59L
├─ 🐍 copywriting_gen.py Python 138L · 4.7 KB
└─ 📝 SKILL.md Markdown 59L · 1.2 KB

Dependencies 1 items

| Package | Version | Source | Known Vulns | Notes |
| openclaw | * | pip | No | Version not pinned; verify package authenticity before deployment |

Security Positives

✓ No subprocess, shell execution, or command injection vectors detected
✓ No credential harvesting or exfiltration — OPENCLAW_API_KEY is used only for the declared AI API feature
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)
✓ No base64 encoding, obfuscation, or anti-analysis patterns
✓ No suspicious third-party dependencies — only standard library + openclaw SDK
✓ No persistence mechanisms, reverse shells, or C2 communication
✓ Clean, readable codebase with straightforward business logic