ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Template

v2.0.1

OpenClaw Skill template generator. Create skill scaffolds, validate structure, enhance SKILL.md, generate command frameworks, tips, publish checklists.

0· 627·3 current·3 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (skill template / scaffold generator and a simple CLI data tool) align with the included files: a small data-logging CLI (scripts/script.sh) and a template/validator generator (scripts/skill-tmpl.sh). Required binaries and env vars declared (none) are consistent with the scripts which only rely on bash and python3.
Instruction Scope
Instructions and scripts operate on a local data directory (~/.local/share/skill-template by default) and on a provided target directory when validating/enhancing/publishing templates. They read SKILL.md, tips.md and list scripts/ content in the target. The CLI also writes a history.log that records commands and arguments — this can capture any sensitive strings the user supplies, so avoid adding secrets as entries. No external endpoints or network exfiltration are present in the scripts.
Install Mechanism
No install spec (instruction-only with bundled scripts). All code is included in the package; there are no downloads or remote installs. This is low-risk from an install mechanism perspective.
Credentials
No credentials or special environment variables are required. The scripts read SKILL_TEMPLATE_DIR, XDG_DATA_HOME and HOME (standard local configuration) to determine storage location — reasonable for a local CLI. No secrets or unrelated service tokens are requested.
Persistence & Privilege
always is false. The skill writes files only under the user's data directory (or alternate SKILL_TEMPLATE_DIR if set) and does not modify other skills or system-wide configs. Autonomous invocation is allowed by default (platform normal) but not combined with elevated privileges.
Assessment
This skill appears to do what it says: a local template generator and a tiny data-logging CLI. Before installing or invoking: 1) Note it will create and write to a data directory (~/.local/share/skill-template by default) and append commands/arguments to history.log — don't store secrets or passwords via the tool. 2) It requires bash and python3; ensure those match your environment. 3) The validator/enhancer reads SKILL.md and tips.md in any target directory you give it — avoid validating directories that contain sensitive files unless you intend the skill to read them. 4) Review the included scripts if you want to be extra cautious; they contain no network calls or credential handling.

Like a lobster shell, security has layers — review code before you run it.

chinesevk977d6n3zkhrwh7x8nv127drrd82pa5platestvk97eeyq7g6xhqg4r0mdqhyzezn835qx9productivityvk977d6n3zkhrwh7x8nv127drrd82pa5p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments