Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Creative Ops Copilot

v0.1.0

Convert client briefs into detailed motion design/VFX production plans, estimates, and invoice drafts with optional project folder setup and invoicing API in...

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description align with the included script and SKILL.md. Required resources are minimal (no env vars, no external binaries). The invoicing API fields in the example config are directly related to the advertised 'push invoice' feature.
Instruction Scope
SKILL.md limits actions to ingesting a brief (text or file), generating structured outputs and optional local project skeleton creation, and only posting to an invoicing API when configured and explicitly requested. It does not instruct the agent to read unrelated system files or env vars.
Install Mechanism
No install spec — instruction-only plus a bundled Python script. This has low install risk; it expects a Python runtime but does not download or execute external code.
Credentials
The skill requests no environment variables. It does support an optional invoicingApi.apiKey in a local config file; storing an API key is reasonable for the 'push invoice' feature but the user should ensure the baseUrl is a trusted endpoint and avoid placing sensitive keys in configs unless necessary.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide settings. It writes outputs to an output path/skeleton (normal). The skill can be invoked autonomously by the agent (platform default), but there are no additional elevated privileges requested.
Assessment
This skill appears to do what it says: convert briefs into plan/estimate/invoice draft files and optionally create a project folder. Before using or enabling it:

  1) Inspect and, if needed, edit skills/creative-ops-copilot/references/config.json — set invoicingApi.baseUrl only to a trusted local/organizational endpoint and avoid storing sensitive API keys unless necessary;
  2) Run the script in a controlled directory to see what files it creates (it writes docs/creative-ops/* and optionally a project folder);
  3) Be aware that enabling autonomous invocation (platform default) could let the agent run the script and, if configured and instructed to “push it,” send the invoice payload to the configured baseUrl — that network action is explicit and opt-in.

If you want tighter control, keep invoicingApi.baseUrl unset or leave apiKey empty until you explicitly configure it.

Like a lobster shell, security has layers — review code before you run it.

Latest version: v0.1.0 · 737 downloads · 0 stars · 1 version · Updated 8h ago
MIT-0

Creative Ops Copilot

What to do

  1. Ask for (or infer) the input brief:
     • Paste text directly, or
     • Provide a file path to a brief/email/thread export.
  2. Produce these outputs (always):
     • docs/creative-ops/plan.md (client-ready)
     • docs/creative-ops/estimate.json (structured line items)
     • docs/creative-ops/invoice-draft.json (ready for API import later)
  3. If Chris wants it, also:
     • Create a project folder skeleton (AE/C4D/Octane-friendly) with a docs/README.md.
     • POST the invoice draft to the local invoicing API (only if base URL is configured and Chris says “push it”).

Canonical output structure (plan.md)

  • Project summary (one paragraph)
  • Goals / Success criteria
  • Deliverables (matrix)
    • Format, duration, aspect ratios, versions, audio deliverables
  • Workflow assumptions
    • what’s included, what’s not, number of review rounds
  • Open questions (what you still need answered)
  • Production plan
    • phases + milestones + review windows
  • Risks / dependencies
  • Estimate
    • line items + hours + rate + subtotal + contingency
  • Next actions

How to generate reliably

Prefer generating structured data first, then render it:

  1. Extract entities
     • Client name
     • Project name
     • Deadline/date constraints
     • Deliverables list
     • Constraints (brand, legal, footage supply, approvals)
  2. Decide the production approach
     • Template-driven vs bespoke
     • 2D AE vs 3D C4D vs mixed
  3. Estimate with motion/VFX realism
     • Prepro (briefing, styleframes, boards)
     • Production (anim, 3D, comp)
     • Audio/music/licensing (if applicable)
     • Renders, exports, versioning
     • PM/admin buffer

Scripts (recommended)

Use the bundled script to create consistent outputs:

python skills/creative-ops-copilot/scripts/creative_ops_copilot.py --brief "<paste brief>" --out .

If the brief is a file:

python skills/creative-ops-copilot/scripts/creative_ops_copilot.py --brief-file "C:\path\to\brief.txt" --out .

To also create a project skeleton:

python skills/creative-ops-copilot/scripts/creative_ops_copilot.py --brief "..." --out . --skeleton

To attempt pushing the invoice draft to your local invoicing API (only if configured):

python skills/creative-ops-copilot/scripts/creative_ops_copilot.py --brief "..." --out . --push-invoice

Configuration

Optional config file:

  • skills/creative-ops-copilot/references/config.example.json

Copy to:

  • skills/creative-ops-copilot/references/config.json

Then edit:

  • invoicingApi.baseUrl
  • invoicingApi.apiKey (if needed)
  • rateCard defaults
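
A pre-flight check for the invoicingApi settings above, to run before --push-invoice is ever used. This is an added example, not part of the skill or its bundled script: the nested JSON shape is inferred from the dotted field names, and check_invoicing_config and the TRUSTED_HOSTS allow-list are hypothetical names.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allow-list of organizational hostnames (constructed for this example).
TRUSTED_HOSTS = {"invoices.internal.example"}

def check_invoicing_config(cfg, trusted_hosts=TRUSTED_HOSTS):
    """Return a list of findings; an empty list means the push target passed every check."""
    api = cfg.get("invoicingApi") or {}
    base_url = (api.get("baseUrl") or "").strip()
    api_key = (api.get("apiKey") or "").strip()
    if not base_url:
        # No endpoint configured: nothing can be pushed, so a stored key is needless exposure.
        return ["apiKey stored but baseUrl unset"] if api_key else []
    url = urlsplit(base_url)
    host = (url.hostname or "").lower()
    if url.scheme not in ("http", "https") or not host:
        return [f"baseUrl is not an http(s) URL: {base_url!r}"]
    findings = []
    if url.username or url.password:
        findings.append("credentials embedded in baseUrl")
    try:
        ip = ipaddress.ip_address(host)      # literal IP address in the URL
        loopback = ip.is_loopback
        trusted = loopback or ip.is_private
    except ValueError:                       # a hostname, not an IP literal
        loopback = host == "localhost"
        trusted = loopback or host in trusted_hosts
    if not trusted:
        findings.append(f"host {host!r} is not loopback, private, or allow-listed")
    if api_key and url.scheme != "https" and not loopback:
        findings.append("apiKey would be sent over plaintext http")
    return findings

if __name__ == "__main__":
    # Constructed sample endpoints; the key value is a placeholder.
    for sample in ("http://127.0.0.1:8080/api", "http://billing.example.net/v1"):
        cfg = {"invoicingApi": {"baseUrl": sample, "apiKey": "PLACEHOLDER"}}
        print(sample, "->", check_invoicing_config(cfg) or "ok")
```
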

Notes

  • Keep outputs concise, clean, and client-ready.
  • When anything is missing/ambiguous, surface it under Open questions instead of guessing.
