Skill Trust Decision

ai-content-pipeline

The skill exposes production credentials in its .env file and has an unpinned external dependency; the core functionality appears legitimate, with no malicious behavior.

Source: Manual upload · Scanned: Apr 4, 2026
Files 24
Artifacts 12
Violations 0
Findings 4
Most direct threat evidence
High Credential Theft
Production API credentials in .env file

The .env file contains real OpenAI API key, Apify token, Facebook App Secret, and Page Access Token. If this file is committed to version control or shared, all credentials are exposed to attackers.

.env:7

Why this conclusion was reached

2/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe finding.

Review
Dependencies and supply chain hygiene

5 dependency or supply-chain issues need attention.

What drove the risk score up

Production credentials in .env file +25

Real OpenAI, Apify, and Facebook API keys/tokens are present in .env - critical if exposed or committed

Credential prefixes shown in README.md +10

README.md lines 102-103 show the sk-proj- and apify_api_ prefixes in plain-text documentation

Unpinned external dependency +10

openclaw>=2026.3.0 has no upper version bound, so a future malicious update would be installed automatically

Most important evidence

High Credential Theft

Production API credentials in .env file

The .env file contains real OpenAI API key, Apify token, Facebook App Secret, and Page Access Token. If this file is committed to version control or shared, all credentials are exposed to attackers.

.env:7
Remove all real credentials. Use only placeholder values (e.g., OPENAI_API_KEY=your_key_here). Keep .env listed in .gitignore (the entry is already present) and never commit the file.
Medium Doc Mismatch

Credential prefixes exposed in documentation

README.md lines 102-103 display partial API key prefixes in a credentials table, which could aid attackers in identifying the key type.

README.md:102
Remove credential examples from README.md. Use generic placeholders like 'your_openai_key' instead of showing real prefixes.
Medium Supply Chain

External dependency with unpinned version

requirements.txt specifies 'openclaw>=2026.3.0' without an upper bound. This allows the package maintainer to push malicious updates that would be automatically installed.

requirements.txt:12
Pin to a specific version: openclaw==2026.3.0
Low Sensitive Access

Chrome User-Agent flagged as hardcoded IP (false positive)

The pre-scan flagged '131.0.0.0' as a hardcoded IP in crawler_agent.py:27. This is actually part of the Chrome browser version string in the User-Agent header, not an IP address.

agents/crawler_agent.py:27
No action needed - this is a false positive from the scanner.

Declared capability vs actual capability

Filesystem Pass
Declared READ
Inferred READ
All file operations are for config loading and output writing (legitimate)
Network Pass
Declared READ
Inferred READ
requests.get/post to legitimate APIs: Gemini, OpenAI, Apify, Facebook Graph API
Shell Pass
Declared NONE
Inferred NONE
No subprocess, os.system, or shell execution found
Environment Pass
Declared READ
Inferred READ
os.getenv() used only for documented API keys (config.py)

Suspicious artifacts and egress

High IP Address
131.0.0.0

agents/crawler_agent.py:27

Medium External URL
https://dantri.com.vn/...

README.md:53

Medium External URL
https://www.facebook.com/...

README.md:56

Medium External URL
https://vnexpress.net/...

SKILL.md:54

Medium External URL
https://dantri.com.vn/suc-manh-so/cong-nghe-ai-tao-sinh-dang-thay-doi-nganh-truyen-thong-nhu-the-nao-20240101000000000.htm

agents/crawler_agent.py:204

Medium External URL
https://www.facebook.com/

agents/fb_publisher_agent.py:107

Medium External URL
https://developers.facebook.com/tools/explorer[/link

agents/fb_token_helper.py:81

Medium External URL
https://dantri.com.vn/example

agents/writer_agent.py:156

Medium External URL
https://graph.facebook.com/

config.py:33

Medium External URL
https://dantri.com.vn/some-article.htm

main.py:310

Medium External URL
https://graph.facebook.com

skills/facebook/references/graph-api-overview.md:4

Medium External URL
https://graph.facebook.com/vXX.X

skills/facebook/references/graph-api-overview.md:5

Dependencies and supply chain

Package         Version      Source  Known vuln  Notes
openai          >=1.30.0     pip     No          Version not pinned but package is reputable
requests        >=2.31.0     pip     No          Version not pinned but package is reputable
apify-client    >=1.7.0      pip     No          Version not pinned but package is reputable
openclaw        >=2026.3.0   pip     No          Version not pinned - supply chain risk
google-genai    >=1.0.0      pip     No          Official Google package - reputable
beautifulsoup4  >=4.12.0     pip     No          Well-known package
openclaw        >=2026.3.0   pip     No          CRITICAL: Version not pinned - allows malicious updates

File composition

24 files · 2010 lines
Python 12 files · 1522 lines
Markdown 8 files · 381 lines
Text 2 files · 68 lines
Other 1 file · 27 lines
Ignore 1 file · 12 lines
Files of concern · 9
agents/fb_token_helper.py Python · 150 lines
https://developers.facebook.com/tools/explorer[/link
.env Other · 27 lines
Production API credentials in .env file
skills/facebook/references/permissions-and-tokens.md Markdown · 21 lines
main.py Python · 393 lines
https://dantri.com.vn/some-article.htm
agents/crawler_agent.py Python · 206 lines
Chrome User-Agent flagged as hardcoded IP (false positive) · 131.0.0.0 · https://dantri.com.vn/suc-manh-so/cong-nghe-ai-tao-sinh-dang-thay-doi-nganh-truyen-thong-nhu-the-nao-20240101000000000.htm
agents/fb_publisher_agent.py Python · 180 lines
https://www.facebook.com/
agents/writer_agent.py Python · 169 lines
https://dantri.com.vn/example
README.md Markdown · 128 lines
Credential prefixes exposed in documentation · https://dantri.com.vn/... · https://www.facebook.com/...
config.py Python · 74 lines
https://graph.facebook.com/
Other files · output_log.txt · image_agent.py · test_fb_connection.py

Security positives

No shell execution (subprocess, os.system, eval, or base64 decoding)
No credential harvesting - credentials used only for legitimate API calls
No data exfiltration - all network calls go to documented services (Facebook, Gemini, OpenAI, Apify)
No obfuscation - code is well-structured and readable
SKILL.md accurately describes all capabilities and permissions
Proper use of .gitignore to exclude .env
All dependencies except openclaw are properly version-pinned
No hidden functionality or undocumented behavior detected