ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Creator

v1.0.0

Create, update, evaluate, and manage skills across agents by defining intent, drafting, testing, benchmarking, iterating, and distributing them within a 2-la...

0· 57·0 current·0 all-time
byHulk@hulk-yin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (skill-creator) match the included scripts and agents for drafting, benchmarking, and packaging skills — the code files (scripts/, agents/, eval-viewer/) are consistent with a skill-authoring toolkit. However, the SKILL.md contains an internal inconsistency: it forbids creating skills named 'skill-creator' (reserved names) while this package is named 'skill-creator', which is suspicious and should be explained by the publisher.
!
Instruction Scope
Runtime instructions direct the agent to create files under ~/.skills/, run evaluation loops, use scripts that read arbitrary workspace directories and transcripts, and use eval-viewer/generate_review.py to serve embedded workspace data over HTTP. generate_review.py also invokes subprocesses (lsof) and may kill processes to free a port. These behaviors go beyond passive guidance: they read/write local files, start a local server that will expose workspace contents to a browser, and can terminate processes — all of which are powerful actions that should be run only with explicit user consent and review.
Install Mechanism
No install spec (instruction-only + included scripts) reduces installer risk, but the bundle contains many runnable Python scripts. There is no automatic package download, but the scripts assume they'll be executed — review them before running. The eval viewer references external fonts (fonts.googleapis.com), which will cause outbound network requests from the browser when viewing reports.
Credentials
The skill requests no environment variables, credentials, or config paths. The lack of credential requests is proportionate to an authoring/eval tool. That said, the skill's instructions expect access to the user's ~/.skills/ and arbitrary workspace directories — this file-system access is inherent to the purpose but is sensitive and worth verifying before granting.
Persistence & Privilege
The skill is not marked 'always: true' and does not request elevated platform privileges. It does instruct creating and writing skill files into ~/.skills/ and to use a skill-manager sync script to distribute skills across agents — these are reasonable for a skill-creator but mean the tool will modify local skill state if you run its packaging/syncing steps.
What to consider before installing
This package appears to be a legitimate toolkit for authoring and evaluating skills, but it performs powerful local actions. Before installing or running it: - Verify provenance: there is no homepage and the owner is unknown; prefer a trusted repository/source. - Review the scripts (especially scripts/* and eval-viewer/generate_review.py). They read workspace directories, embed files into HTML, start a local HTTP server, and call subprocesses (including lsof) and os.kill to free ports — understand and agree to those behaviors. - Pay particular attention to instructions that write to ~/.skills/ and suggest running a sync script: these will add or modify skill files and can affect which agents see which skills. - The SKILL.md contains a strange inconsistency (it says never create skills named 'skill-creator' yet this package uses that name). Ask the publisher for clarification or prefer a clearly documented upstream repository. - Run the tooling in an isolated environment (temporary VM, container, or throwaway account) and do not point it at directories containing sensitive data until you are confident it behaves as expected. - If you plan to allow autonomous invocation, be cautious: the tool can be used to create other skills and generate content that may be auto-distributed. Consider manual review steps or limiting its permissions. If you want, I can highlight the exact lines in the scripts that call subprocess/os.kill, or summarize what the eval-viewer will serve from a sample workspace so you can judge exposure more precisely.

Like a lobster shell, security has layers — review code before you run it.

latestvk974hkxn6nkp7r2pj5j6kevsa983en17

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments