ai-content-generator-pro Security Report — Trusted | ClawSafe

0 /100

ai-content-generator-pro

Premium AI content generation skill with multi-model support (ChatGPT, Claude, Grok)

This is a legitimate AI content generation skill with no malicious behavior detected. All functionality is accurately represented in documentation and the code is a clean prototype that simulates API responses without actual sensitive operations.

Skill Nameai-content-generator-pro

Duration35.7s

Enginepi

✓

Safe to install

No action needed. The skill is safe to install and use. For production use, add real API keys and implement actual AI model integrations.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	package.json:permissions + index.js uses fs module for local content/config only
Network	`READ`	`NONE`	✓ Aligned	index.js:all AI calls are simulated, no actual network requests
Shell	`NONE`	`NONE`	—	index.js:no exec/spawn calls found
Environment	`NONE`	`NONE`	—	No environment variable access observed
Database	`NONE`	`NONE`	—	sqlite3 in dependencies but not used in code (prototype)
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation

2 findings

📧

Info Email 邮箱地址

[email protected]

CLAWHUB_LISTING.md:234

📧

Info Email 邮箱地址

[email protected]

CLAWHUB_LISTING.md:239

File Tree

18 files · 63.7 KB · 2063 lines

Markdown 9f · 1204L JavaScript 2f · 471L Shell 2f · 207L JSON 5f · 181L

├─ ▾ 📁 config

│ ├─ 🔑 config.json ⚠ JSON 24L · 362 B

│ ├─ 📋 models.json JSON 27L · 690 B

│ ├─ 📋 prompts.json JSON 24L · 3.6 KB

│ └─ 📋 templates.json JSON 45L · 1.3 KB

├─ ▾ 📁 content

│ ├─ ▾ 📁 samples

│ │ └─ 📝 sample-blog.md Markdown 22L · 564 B

│ ├─ 📝 blog-1773489827764.md Markdown 12L · 378 B

│ └─ 📝 calendar-weekly-1773489827765.md Markdown 12L · 320 B

├─ ▾ 📁 references

│ ├─ 📝 api-docs.md Markdown 370L · 7.8 KB

│ └─ 📝 market-research.md Markdown 127L · 4.0 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 setup.sh Shell 95L · 2.2 KB

│ └─ 🔧 test.sh Shell 112L · 2.7 KB

├─ 📝 CLAWHUB_LISTING.md Markdown 246L · 8.1 KB

├─ 📝 IMPLEMENTATION_SUMMARY.md Markdown 209L · 7.4 KB

├─ 📜 index.js JavaScript 366L · 13.3 KB

├─ 📋 package.json JSON 61L · 1.3 KB

├─ 📝 README.md Markdown 29L · 646 B

├─ 📝 SKILL.md Markdown 177L · 6.4 KB

└─ 📜 test.js JavaScript 105L · 2.8 KB

Dependencies 8 items

Package	Version	Source	Known Vulns	Notes
`openai`	`^4.0.0`	npm	No	API client, declared but not used in prototype
`@anthropic-ai/sdk`	`^0.24.0`	npm	No	API client, declared but not used in prototype
`cheerio`	`^1.0.0`	npm	No	HTML parsing for SEO features
`marked`	`^12.0.0`	npm	No	Markdown processing
`date-fns`	`^3.6.0`	npm	No	Date manipulation for content calendar
`sqlite3`	`^5.1.6`	npm	No	Database, declared but not used in prototype
`chalk`	`^5.3.0`	npm	No	Terminal styling
`yaml`	`^2.3.0`	npm	No	YAML parsing

Security Positives

✓ All declared features match actual implementation - no hidden functionality

✓ No shell execution or system command calls in index.js

✓ No credential harvesting or environment variable scanning

✓ No network exfiltration or suspicious outbound connections

✓ AI generation is simulated/prototype only - no real API keys are used

✓ Content and config files written only to expected local directories

✓ No base64 encoding, eval(), or obfuscated code

✓ Dependencies are legitimate and standard (openai, anthropic, cheerio, marked, etc.)

✓ SQLite dependency is declared but not actually used in prototype code

✓ Setup and test scripts use only safe, documented operations

✓ API keys stored in config.json are empty placeholders

✓ No sensitive paths (~/.ssh, ~/.aws, .env) are accessed

Scan Report

File Tree

Dependencies 8 items

Security Positives