Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Adaptive Skill Factory

v1.0.0

Discover, install, update, or create the right skill when a workflow gap appears. Use when a task is repetitive, a role lacks a reliable procedure, an existi...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 505768069-rgb/adaptive-skill-factory.

Install the skill "Adaptive Skill Factory" (505768069-rgb/adaptive-skill-factory) from ClawHub.
Skill page: https://clawhub.ai/505768069-rgb/adaptive-skill-factory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install adaptive-skill-factory

ClawHub CLI

npx clawhub@latest install adaptive-skill-factory

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name and description align with the instructions: the skill is a process guide for discovering, installing, or creating skills. However, the guidance expects the agent to inspect workspace skill directories, shared extra-skill directories, and perform installs from ClawHub/the internet — capabilities that imply filesystem and network access even though no config paths, binaries, or credentials are declared.
Instruction Scope
SKILL.md explicitly tells the agent to read and create skills under specific filesystem paths (e.g., <workspace>/skills and a hard-coded Windows path D:\internal-hub\skills), search/install from ClawHub/the internet, and create new SKILL.md and potentially scripts. Those are concrete actions that involve reading/writing the filesystem and contacting external services but the skill does not declare or limit those accesses. The hard-coded D:\ path is platform-specific and unexpected. There are no explicit instructions to exfiltrate secrets, but the broad file-write instructions increase the attack surface if the agent generates or installs code without human review.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code. That is lower risk from an installation perspective because nothing is downloaded or written by a packaged installer.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for a guidance-only skill. But the runtime instructions assume network access and filesystem read/write permissions (including shared/central skill directories) that are not declared. The mismatch means the agent may attempt operations that require privileges or credentials not considered in the metadata.
Persistence & Privilege
always is false (good) and allow_implicit_invocation is true in the included agent policy (normal). The skill instructs creating and editing local skills, which will persist on disk if performed — that is expected for a factory-style skill but increases risk if the agent is allowed to autonomously create executable scripts or install third-party skill packages without approval.
What to consider before installing

This skill is a procedural guide for finding/creating other skills and is not itself downloading code, but it tells an agent to read and write skill directories and to search/install from the internet. Before installing or allowing autonomous use:

  1. Confirm what filesystem and network permissions the agent runtime has (will it be able to create files under <workspace>/skills or D:\internal-hub\skills?).
  2. Prevent automatic installation of third-party skills without human review (especially from external hubs).
  3. Watch for the hard-coded Windows path (D:\internal-hub\skills) and adjust or remove it if you run a different OS or have different policies.
  4. Require review of any generated SKILL.md, scripts, or assets before they are executed or installed system-wide.

If you cannot or do not want the agent to create files or install packages automatically, restrict its file-write and network permissions or avoid enabling implicit/autonomous invocation for this skill.

Like a lobster shell, security has layers — review code before you run it.

latest: vk973dv10zbabhcez0dqdr30f2182jcfm
473 downloads
1 star
1 version
Updated 11h ago
v1.0.0
MIT-0

Adaptive Skill Factory

Use this skill to keep agents sharp without bloating every prompt.

Workflow

  1. Classify the gap.
     • Use no skill for one-off trivial tasks.
     • Reuse a skill for repeated workflows, fragile procedures, or domain-specific tasks.
     • Create a new skill only when the same gap is likely to recur.
  2. Check existing skills first.
     • Prefer workspace skills in <workspace>/skills.
     • Then check shared skills loaded from configured extra skill directories.
     • Reuse bundled skills when they already fit.
  3. If internet and ClawHub are available, search before building.
     • Search narrowly for the exact workflow.
     • Install the smallest relevant skill, not a broad bundle.
     • Avoid skills that overlap another role's boundary.
  4. If no suitable skill exists, create a local skill.
     • Put role-specific skills in <workspace>/skills/<skill-name>.
     • Put cross-role reusable skills in D:\internal-hub\skills.
     • Keep SKILL.md concise and procedural.
     • Only include scripts, references, or assets when they save real effort.
  5. Validate and iterate.
     • Validate the skill after editing.
     • Update the skill when the workflow changes or the agent struggles again.
     • Delete or simplify stale skills that no longer help.

Role discipline

  • Technical skills: only for code, deployment, automation, debugging, websites, scripts.
  • Intelligence skills: only for research, verification, policy, news, or competitor analysis.
  • Trade skills: only for suppliers, pricing, MOQ, lead time, procurement, stocks, crypto, funds, or trading analysis.
  • Supervisor skills: only for task routing, progress reporting, review, and execution oversight.

Avoid

  • Do not create skills for generic reasoning.
  • Do not create skills that duplicate another role's job.
  • Do not install large unrelated skill packs just because they are available.
  • Do not let a skill become a dumping ground for long notes.
