
      Safety Report

      Agent Content Pipeline

      @larsderidder

      Safe content workflow (drafts/reviewed/revised/approved/posted) with human-in-the-loop approval, plus CLI to list/move/review and post to LinkedIn/X. Use when setting up a content pipeline, drafting content, managing review threads, or posting approved content.

      2,702 Downloads
      3 Installs
      4 Stars
      1 Version
      Workflow Automation 3,323 · CLI & Shell Tools 1,805 · Social Media 1,367 · Networking & DNS 1,102

      Security Analysis

      medium confidence
      Suspicious · 0.08 risk

      The skill's stated purpose (human-in-the-loop content pipeline) is plausible, but there are several inconsistencies and risky instructions (manual cookie/token paste, an external npm install with no auditable code in the package bundle, and mismatches between metadata and included files) that merit caution before installing or using it.

      Feb 11, 2026 · 2 files · 4 concerns

      Purpose & Capability: note

      The name/description (content drafting → review → approve → post) align with the included CLI workflow and commands. However the registry metadata shown to you said 'no install spec' and 'no required binaries', while the included skill.json declares an npm install that provides 'content'/'content-pipeline' CLI binaries — an internal inconsistency. Installing a global npm package to provide the CLI is reasonable for this purpose, but the skill bundle does not provide the package source for local review (the SKILL.md instructs 'npm install -g agent-content-pipeline').

      Instruction Scope: concern

      The runtime instructions mostly confine the agent to drafting, revising, and moving files and explicitly say the agent 'cannot approve' or 'cannot post'. But the SKILL.md also documents the 'content post' command and gives manual steps for extracting cookies (auth_token and ct0) from Firefox DevTools and pasting them — instructions that involve sensitive credentials/cookies. That instruction expands the scope of what a human might be asked to supply and could enable posting or token misuse if combined with unattended CLI execution. The guidance to paste browser tokens is a risky operation and is not strictly necessary for drafting/reviewing.

      Install Mechanism: note

      An npm install (-g agent-content-pipeline) is the declared install mechanism in skill.json and the SKILL.md. Installing a third-party global npm package is a typical way to get a CLI, but it has moderate risk because arbitrary code will be written to the host and run. No package tarball or local code is included in the skill bundle for review, so you cannot audit what the npm package does before installing.

      Credentials: concern

      The skill declares no required env vars or config paths (and the top-level metadata reported 'none'), which is consistent with the idea of an offline draft/review pipeline. However the instructions for posting to X ask the user to extract and paste auth_token and ct0 cookies — sensitive tokens not declared in requires.env. This is disproportionate to the core drafting/review purpose and creates a potential vector for credential exposure or accidental agent-driven posting if the CLI or agent later uses those tokens.

      Persistence & Privilege: ok

      'always' is false and the skill does not request persistent privileges in the manifest. The SKILL.md emphasizes that approval and posting are human actions. There is no evidence the skill attempts to modify other skills or system-wide config. However, because the skill requires installing an npm package, that package will persist on the system and could run code; this is expected but worth auditing.

      Guidance

      This skill is plausible for managing drafts and reviews, but proceed cautiously. Key things to consider before installing or using it:

      - The skill asks you to globally install an npm package you cannot audit from the bundle; inspect the package source (npm page / GitHub repo) and review its code before running npm install -g.
      - The SKILL.md tells you to extract browser cookies (auth_token, ct0) manually — avoid copying/pasting session cookies unless you fully trust and have audited the tooling. Prefer official OAuth or API token flows when possible.
      - Confirm that the CLI will not post automatically or store tokens unencrypted; test with dry-run modes and minimal privileges.
      - Verify the package homepage/repository (skill.json references a GitHub page) matches the registry listing and that the maintainer is trusted.
      - If you cannot audit the npm package, consider running it in an isolated environment (VM/container) or decline installing. If you install, restrict the agent's ability to invoke the CLI autonomously (require explicit user invocation) and never provide browser session cookies to the tool.

      Latest Release

      v0.2.3

      Initial publish: content pipeline skill wrapper for agent-content-pipeline CLI.


      Published by @larsderidder on ClawHub
