Skill Forge
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: lobster-skill-forge Version: 1.0.0 The SkillForge bundle is an automation toolkit designed to generate, optimize, and deploy OpenClaw skills. The included Python scripts (e.g., forge-pro.py, agent-line.py, and forge.py) automate the creation of SKILL.md files, agent configurations, and deployment scripts within the local workspace. While the bundle includes capabilities for automated publishing via 'clawhub' and browser-based automation (browser-use), these actions are transparently documented and align with the stated purpose of a skill production pipeline. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated or modified skill could be published to the user's ClawHub account publicly before the user has reviewed the exact contents.
The code can publish a generated skill through the ClawHub CLI while suppressing confirmation with -y. Public publishing is purpose-aligned, but it is high-impact and the artifact does not show a final preview, approval, or visibility safeguard.
result = run(["clawhub", "publish", "-y"], cwd=skill_dir, capture_output=True, text=True)
Make publishing dry-run by default, remove automatic -y confirmation, show the final files and visibility setting, and require explicit user approval immediately before publishing.
The skill may act with the user's publishing authority without a clearly declared credential boundary or account scope.
Publishing through the ClawHub CLI likely uses the user's local ClawHub session or credentials, while the registry metadata declares no primary credential and no required environment variables.
result = run(["clawhub", "publish", "-y"], cwd=skill_dir, capture_output=True, text=True)
Declare the ClawHub credential/account requirement, document which account permissions are used, and require the user to confirm the target account and publication scope.
Untrusted or malformed input could become persistent SKILL.md content that future agents may load and trust as instructions.
The script writes persistent skill instructions into the local skills directory using user-provided descriptions and source skill names, with no visible sanitization or escaping.
with open(os.path.join(path, "SKILL.md"), "w") as f:
f.write(generate_skill_md(safe_name, desc, sources))Validate and escape user-provided text before writing SKILL.md, prevent instruction-like payloads from becoming authoritative, and show a diff for approval before saving generated skills.
A mistake in generated content can spread into Agent configuration and public publication workflows, increasing the blast radius beyond one local file.
Generated Agent configs default to public publishing metadata, so a bad generated skill or poisoned input can propagate from local generation into a deployable/public artifact.
"deploy": {
"platform": "clawhub",
"config": {
"publish": True,
"visibility": "public",
"pricing": "free"
}
}Default generated deployment settings to private/draft, require explicit promotion to public, and add validation plus rollback instructions.