script creator with github companion
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: script-creator Version: 1.0.0 The skill's stated purpose of managing scripts with Git is benign, and its instructions to the AI agent include strong security constraints. However, the `SKILL.md` instructions implicitly create a critical shell injection vulnerability. The agent is instructed to directly substitute user-provided inputs (e.g., `<script_name>`, `<extension>`, `<package_name>`) into shell commands like `mkdir`, `touch`, `cd`, `pip install`, and `git commit` without any explicit guidance for sanitization. This allows a malicious user to inject arbitrary commands (e.g., `my_script; rm -rf /`) which the agent would then execute, leading to potential remote code execution. Additionally, the instruction to `pip install` user-specified packages introduces a supply chain risk, as malicious packages can execute arbitrary code during installation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent can create or modify files and Git history inside the configured workspace.
The skill instructs the agent to run local shell and Git commands that create files, directories, repositories, and commits. This is purpose-aligned and confirmation-gated, but it is still local mutation authority.
mkdir <script_name> ... git init ... touch <script_name>.<extension> ... git add . ... git commit -m "Initial commit: <script_name>"
Review the proposed directory, filename, and changes before confirming; use simple script names and ensure the path stays under ~/.nanobot/workspace/test.
Approving dependency installation can change the Python environment and may install packages you did not intend if names are wrong or ambiguous.
The skill may install Python dependencies by package name. That is expected for script creation, but the instructions do not require pinning versions or verifying package provenance.
source ~/.nanobot/workspace/venv/bin/activate pip install <package1> <package2> ... deactivate
Confirm package names carefully, prefer trusted packages, and consider pinned versions for reproducible scripts.
A package installed for one script could change behavior or compatibility for other Python scripts in the same workspace.
The skill uses one shared virtual environment for package management, so dependency additions or conflicts from one script can affect other scripts that reuse that environment.
Python virtual environment: `~/.nanobot/workspace/venv` ... pip install <new_package>
Use the shared venv only if that is acceptable; for stronger isolation, create per-script virtual environments or document/pin dependencies.