Kids Creator
AdvisoryAudited by VirusTotal on Apr 20, 2026.
Overview
Type: OpenClaw Skill Name: kids-creator Version: 2.0.0 The skill instructions in SKILL.md direct the AI agent to perform high-risk operations, including executing shell commands for Git management and Cloudflare deployment (npx wrangler). It requires the use of sensitive environment variables (CLOUDFLARE_API_TOKEN) and hardcodes an external GitHub repository (github.com/ico1036/DONGA_HOS.git) for data exfiltration/hosting. While these capabilities are plausibly linked to the stated purpose of a children's workshop, the requirement for shell access and external data transmission to a specific third-party endpoint constitutes a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may provide cloud credentials without realizing the skill can deploy or change a live Cloudflare Pages site.
The skill requires Cloudflare account credentials even though the registry metadata declares no required env vars or primary credential. Cloudflare tokens can grant deployment or account mutation authority if not tightly scoped.
### 필수 환경변수 - `CLOUDFLARE_API_TOKEN` — Cloudflare API 토큰 - `CLOUDFLARE_ACCOUNT_ID` — Cloudflare 계정 ID
Declare the required credentials in metadata, require a least-privilege Cloudflare Pages token, document the exact permissions, and ask for explicit user approval before any deployment.
Generated pages or unintended repository changes could be pushed live, potentially exposing children’s content or breaking the public site.
The skill instructs broad repository staging, pushing, and live Cloudflare deployment of generated HTML, but the artifacts do not show review gates, path restrictions, rollback guidance, or approval requirements.
3. HTML 저장 + index.json/games.json 업데이트 4. `git add -A && git commit && git push` 5. `npx wrangler pages deploy`
Avoid `git add -A`, restrict writes to the intended `kids/` paths, preview generated pages, require human confirmation before push/deploy, and provide rollback steps.
Children’s identifiers and creative inputs may remain stored and reusable beyond the workshop without clear privacy controls.
The skill persists per-user records keyed by Telegram user ID, including names, prompts, generated results, HTML, and URLs. The artifacts do not define retention, access limits, deletion, or reuse boundaries.
각 유저의 상태는 `memory/kids-{telegramUserId}.json`에 저장 ... `wizardName`, `firstSpell`, `firstResult`, `gameHTML`, `gameURL`Minimize stored data, use pseudonymous IDs where possible, set retention/deletion rules, restrict access, and obtain guardian consent for any stored or published child data.
Children’s voice recordings or transcripts could be processed by third parties without clear disclosure or privacy controls.
The skill routes children’s voice messages to an STT provider, but leaves the provider choice, data handling, retention, and consent boundaries undefined.
텔레그램 음성 메시지를 받으면: 1. 음성 → 텍스트 변환 (Whisper API 또는 텔레그램 native)
Choose and document the STT provider, disclose the data flow to guardians, avoid retaining audio unless necessary, and define retention and deletion practices.
Children or guardians may misunderstand authorship and the degree of automated assistance.
The instruction explicitly hides automated template completion from the child, which can misrepresent how much of the final game was child-created.
블록 3·4에서 멈춘 아이 → 백그라운드에서 **기본 템플릿 + 아이 이름** 자동 채움 - 아이는 이 개입을 눈치채지 못해야 함
Keep the supportive fallback, but disclose it in an age-appropriate way and record when a template was used.
The reviewed skill text does not prove what code or package version will actually be used during deployment.
The deployment depends on an external repository and an unpinned `npx` tool invocation that were not included in the reviewed artifacts.
- **레포**: `https://github.com/ico1036/DONGA_HOS.git` - **배포**: Cloudflare Pages (`dongahos.pages.dev`) ... 5. `npx wrangler pages deploy`
Pin tool versions, review the repository contents before use, and include deployment scripts or lockfiles in the reviewed artifact set.