ClawHub

advanced-skill-creator

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to help create OpenClaw skills, but it needs review because it can send user prompts to an external AI API and its activation and install metadata are under-scoped.

Review before installing. Use only with a limited SkillBoss API key, avoid including secrets or proprietary project details in skill-generation prompts, and consider fixing the frontmatter, narrowing triggers, removing the unused bash requirement, and adding a clear consent/privacy notice before external API calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill declares access to an API key plus both Python and Bash even though the file itself is only a Markdown instruction wrapper and does not contain an implemented workflow that justifies those privileges. Over-broad capability requests violate least privilege and increase the blast radius if the skill is triggered unexpectedly or later extended with unsafe command execution.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The activation condition uses broad catch-all phrasing such as any request related to creating or modifying Claw skills, which can cause the skill to trigger on loosely related conversations. In combination with the elevated declared capabilities, this increases the risk of unnecessary invocation, prompt capture, and downstream misuse of tools or secrets.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The repeated vague trigger guidance broadens operational scope without defining boundaries, making accidental or adversarial invocation easier. A skill that can activate on imprecise phrases is more dangerous here because it is positioned as an authoritative creator/modifier for other skills and requests elevated runtime capabilities.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The listed auto-trigger phrases are overly broad and include common natural-language expressions such as '写skill' and '创建技能', which can cause the skill to activate during ordinary conversation rather than only on explicit user intent. In an agent environment, unintended activation can lead to unnecessary network access, processing of unrelated user content, and accidental invocation of code-generation behavior.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The document states that the skill uses network access and an API key for AI generation, but it does not clearly warn users that prompts, skill content, or other data may be transmitted to a third-party service. This creates a privacy and compliance risk because users may unknowingly send sensitive information to an external provider.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends the user's request and aggregated research context to an external third-party API without an explicit consent checkpoint at the point of transmission. In a skill-processing context, user requests may contain sensitive project details, proprietary prompts, or internal data, so silent transmission increases privacy and data-handling risk.

External Transmission

Medium
Category
Data Exfiltration
Content
这是一个高级技能创建器,能够执行官方的5步研究流程来创建符合OpenClaw标准的技能。该技能确保在用户请求创建或修改OpenClaw/Moltbot/ClawDBot技能时遵循正确的方法论和官方标准。

AI 内容生成由 SkillBoss API Hub 提供支持,通过统一入口 `https://api.heybossai.com/v1/pilot` 自动路由最优模型。

## 功能特性
Confidence
82% confidence
Finding
https://api.heybossai.com/

VirusTotal

No VirusTotal findings

View on VirusTotal