Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Workflow

v0.1.0

Build, run, and visualize multi-step AI generation workflows. The AI architect translates natural language descriptions into connected node graphs — chain im...

by Anil Chandra Naidu Matcha (@anil-matcha)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (build and run muapi workflows) align with the included shell wrappers that call `muapi workflow ...`. However, the skill does not declare the `muapi` CLI as a requirement in its registry metadata even though every script depends on it; the SKILL.md additionally instructs reinstalling a local `muapi-cli` source tree, which is unusual and should have been declared.
Instruction Scope
The SKILL.md directs the agent to 'reinstall from source at the start of every session' via `pip install --upgrade /path/to/muapi-cli` (a path in the workspace). That instruction effectively tells the agent to run package installation of arbitrary local code each session, which can result in arbitrary code execution. Otherwise the runtime instructions are scoped to listing, creating, editing, and running workflows and specify that the agent must ask the user for required inputs (good constraint).
Install Mechanism
There is no formal install spec, but the guidance to run `pip install --upgrade /path/to/muapi-cli` is a high-risk install pattern because it installs code from an unspecified local path (workspace). This will write and execute code on the agent environment and was not codified in the registry metadata; no checksums or known release sources are provided.
Credentials
The skill requests no env vars, which is reasonable, but the run wrapper accepts a `--webhook` argument and forwards it to `muapi workflow execute`. That provides a straightforward channel to send workflow outputs to an arbitrary external endpoint if used — a possible exfiltration vector. Combined with the SKILL.md's install-from-workspace instruction, the overall credential/IO surface is larger than the description suggests.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills, and contains only small shell wrappers. It doesn't request elevated platform privileges in the manifest.
What to consider before installing
This skill is coherent with its claimed purpose (it wraps the muapi CLI), but two things need your attention before installing or allowing autonomous runs: (1) SKILL.md tells the agent to run `pip install --upgrade /path/to/muapi-cli` every session — installing code from an unspecified workspace path can run arbitrary code and should only be done if you control and have audited that repository; (2) the run script allows specifying a `--webhook` URL which could be used to send outputs to any external endpoint, so avoid providing untrusted webhook URLs and confirm you trust the destination. If you plan to use this skill, require the user to confirm any install-from-source step and avoid using webhooks or review their endpoints. If possible, ask the publisher for an explicit declaration of the required muapi CLI binary (version/source) or a vetted install mechanism (e.g., a specific PyPI release or GitHub release URL with checksum).



