Back to plugin

Security audit

Skill Creator

Security checks across malware telemetry and agentic risk

Overview

The skill's code, scripts, and runtime instructions are coherent with its stated purpose (scaffolding and validating OpenClaw skills); it does not request credentials or exotic installs, but it does assume and write to a specific filesystem path so review scripts before running them.

This skill appears to do what it says: scaffold and validate OpenClaw skills. Before running: (1) inspect the two Python scripts locally to confirm they match the provided sources (they are simple and benign-looking), (2) be aware they read/write under /home/ubuntu/skills — adjust SKILLS_BASE_PATH if you use a different environment or want to avoid writing to that path, (3) run scripts with a non-privileged account or in an isolated environment if you have concerns, and (4) validate that sending the generated SKILL.md via your platform's message/frontend flow is acceptable for your data policy. If anything in the scripts differs from the bundle, stop and investigate further.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.