Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Maker
v1.0.0Create autonomous AI agents for OpenClaw with guided discovery — clarifies purpose, personality, skills, channels, automation, and security before generating...
⭐ 1· 50·0 current·0 all-time
byAnhNT@anhnt224
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, README, SKILL.md and scripts are consistent: this is a guided agent-creation toolkit that writes a workspace and recommends models/tools. It also documents how to patch gateway config and bind channels (Telegram/WhatsApp/Discord). No required env vars or unexpected credentials are declared, but the skill legitimately references channels that will require tokens if the user chooses them.
Instruction Scope
SKILL.md prescribes a multi-phase discovery flow and explicitly lists powerful agent tools (exec, write, browser, sessions_spawn, nodes.run, cron, etc.). The embedded guidance requires the agent to decide tool allow/deny lists; if misused this can enable high‑impact autonomous actions. A static-scan signal (unicode-control-chars) was found in SKILL.md — control characters can be used to obfuscate or alter what an evaluator or runtime sees, so the instructions should be inspected for hidden/altered text.
Install Mechanism
No install spec (instruction-only) and the included create-agent.sh runs locally to create files. The script does not fetch or execute remote code; it creates workspace files and writes local config. Risk is low if you review the script before running, since nothing is downloaded or auto-executed by the registry metadata.
Credentials
The skill declares no required environment variables, credentials, or config paths. It does show workflows that, if enabled, will need channel tokens (Telegram, WhatsApp, Discord) and may instruct modifying OpenClaw gateway config. Those credentials are optional for the skill but are necessary for channel bindings — manage them separately and do not paste secrets into the skill without review.
Persistence & Privilege
always:false and normal model invocation settings. The skill writes agent workspace files and suggests editing gateway config to enable the skill; it does not request permanent privileged inclusion. However, it explicitly supports creating autonomous (tier3) agents and enabling powerful tools — users should be cautious when granting autonomy or allowing exec/write/browser to created agents.
Scan Findings in Context
[unicode-control-chars] unexpected: Detected in SKILL.md. Control characters are not expected for a discovery flow and can be used to hide or manipulate text for prompt-injection. Recommend inspecting the SKILL.md and README for hidden characters or altered instructions before trusting the skill.
What to consider before installing
This skill appears to do what it says (build agent workspaces) but exercise caution before installing or running any scripts. Actions to take:
- Manually review SKILL.md, README.md and scripts/create-agent.sh for hidden control characters and unexpected commands. Remove or normalize unicode control chars.
- Do not run scripts as root; run in a sandbox or throwaway account. Review exactly what files will be written and where (the script writes to the --workspace path you supply).
- Be conservative with tool permissions for agents you create: deny exec, write, browser, nodes.run unless you fully trust the agent and have reviewed its behavior.
- Treat channel tokens (Telegram/WhatsApp/Discord) as sensitive: configure them outside the skill and only bind channels when necessary.
- If you plan to enable high-autonomy (tier3), test with tier1/tier2 first and monitor actions closely.
If you want, I can highlight any suspicious lines in create-agent.sh or normalize the SKILL.md to strip control characters and show the clean text.Like a lobster shell, security has layers — review code before you run it.
latestvk970zgv03w5phwwpzmqrzjyv1983jaeq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.