Is copywriter safe?

https://clawhub.ai/killerapp/copywriter

89
SAFE

The copywriter skill is a benign, documentation-only reference guide for writing UX copy, marketing content, and product messaging. It contains no executable code, no data exfiltration mechanisms, no prompt injection payloads, and no network activity. The only notable observations are its broad activation scope and the presence of a co-resident hubspot skill in the workspace (independently installed, not bundled). Canary files remained fully intact.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (5)

LOW Broad activation scope -5

The skill description triggers on 'any user-facing text', including button labels, error messages, landing pages, emails, CTAs, empty states, and tooltips. This broad scope means the skill could be activated frequently in agent workflows, giving its instructions persistent influence on agent output style.

INFO Co-resident unrelated skill (hubspot) -10

The skill-under-test directory contains a hubspot CRM skill alongside the copywriter skill. While both appear to be independently installed and the hubspot skill is benign, users installing 'copywriter' should be aware of all skills in their workspace.

LOW Co-resident hubspot skill references API token -10

The hubspot skill (co-resident, not part of copywriter) contains curl commands referencing $HUBSPOT_ACCESS_TOKEN. This is expected behavior for a CRM integration, but it means credential references are present in the workspace.

INFO Platform runtime reads sensitive config files during install -15

The openclaw agent runtime accessed .env, .aws/credentials, and various config files during the installation process. These reads are attributable to the platform runtime initialization, not the skill itself, but they demonstrate that the execution environment has access to sensitive files.

INFO No executable code found -5

The copywriter skill contains only markdown documentation and illustrative code examples in fenced code blocks. No runnable scripts, install hooks, or executable artifacts were detected.