Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
cli2skill
v1.0.1
Turn any CLI or MCP server into an Agent Skill. Use when you want to replace an MCP server with a zero-overhead CLI skill, or generate a skill from any comma...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (convert CLIs/MCP servers into Agent Skills) matches the code and SKILL.md. The code implements help-parsing, skill generation, and an MCP handshake/extraction flow; those actions are necessary for the stated functionality.
Instruction Scope
Runtime instructions and examples are consistent with the tool. Important behaviour to note: the tool runs arbitrary executables to capture --help and to query subcommands, and when using the mcp flow it spawns the provided MCP command, sends JSON-RPC messages, and reads its stdout. The SKILL.md also documents reading a Claude Code settings.json (user-supplied path). These actions are expected for the stated purpose but give the tool the ability to execute arbitrary local commands and to read a user-provided config file.
Install Mechanism
No install spec in the registry entry (instruction-only), and README suggests standard pip/pipx install. There are no remote downloads or opaque installers declared in the registry metadata. This is low-risk as packaged code is present in the bundle for review.
Credentials
The skill declares no required environment variables, which matches the registry metadata. However, the MCP extraction flow will merge provided env entries with os.environ and will expand ${VAR} references from a settings.json; this is appropriate for connecting to configured MCP servers but means the tool can read environment variables when asked to (via config or --env) and will expose them to spawned subprocesses. That capability is proportionate to the feature but is sensitive — secrets in settings.json or in environment will be visible to launched processes and may appear in outputs.
Persistence & Privilege
always:false and no persistent background services. The tool spawns processes on demand and communicates with them; it attempts to kill on timeout. It does not modify other skills or system-wide agent configuration. No elevated or permanent privileges are requested.
Assessment
This tool is coherent and appears to do what it says, but it executes arbitrary local commands and can read a user-provided Claude Code settings.json and environment variables when asked. Before running: (1) avoid pointing it at untrusted or unknown MCP servers/commands — they will be executed; (2) inspect any settings.json you pass in for embedded secrets or remote commands; (3) prefer using --help-file or a saved help output when you only need parsing (to avoid executing binaries); (4) avoid passing secrets via --env unless necessary, and do this in a controlled environment (container or limited user account) if possible; (5) review generated SKILL.md files before dropping them into your agent skills directory. If you need additional assurance, run the tool in a sandbox or review the specific command(s) it will execute.
agent-skill · cli · code-generator · latest · mcp · python
