Skillv1.0.0

ClawScan security

Ai Codegenerator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 8, 2026, 3:36 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill claims to be a general code generator but the included runtime only scaffolds a single FastAPI project to a hard-coded user path and ignores declared inputs, which is an incoherence you should understand before installing.
Guidance: This skill's name and docs imply a flexible code generator, but the bundled run.py only scaffolds a FastAPI app and writes files under /home/jason/.openclaw/workspace/generated/<project-name>. Before installing: (1) confirm you expect a FastAPI scaffolder (not a general code generator), (2) confirm where files will be written and whether that hard-coded path is acceptable or could overwrite data, (3) run the code in a safe sandbox first (it only writes files and prints JSON but will create directories), (4) inspect and/or run the generated code locally before deploying, and (5) note the script contains a likely runtime bug (imports UTC from datetime) and may fail — ask the author for a corrected, configurable output path and clarifications about how context/constraints are used.

Review Dimensions

Purpose & Capability: concernThe skill description and SKILL.md describe a general 'automatically generates code' capability with task/context/constraints. The provided run.py, however, only creates a FastAPI project scaffold (requirements.txt, README, app/main.py) and uses the 'task' mainly to name the project. It does not implement general code generation or honor 'context'/'constraints' beyond naming. This mismatch (generic marketing vs single-purpose implementation) is disproportionate and unexplained.
Instruction Scope: concernSKILL.md is minimal and does not document file-system effects or output path, but run.py writes files to disk under a hard-coded path (/home/jason/.openclaw/workspace/generated/<name>). The instructions do not warn about creating or overwriting files at that location. While the actions themselves are limited to local file writes (no network/credentials), the silent filesystem writes and path choice expand scope beyond what the SKILL.md states.
Install Mechanism: okThere is no install specification (instruction-only skill plus a local runner script). No downloads, package installs, or external installers are declared. This is the lower-risk install pattern.
Credentials: okThe skill declares no required environment variables or credentials and run.py does not access environment secrets. That is proportionate to the observed functionality. Note: the script uses a hard-coded filesystem path tied to a specific username ('jason'), which is a configuration oddity but not a credentials request.
Persistence & Privilege: okNo 'always' privilege or elevated persistence is requested. The skill does write files to disk in a fixed directory under the running user's permissions, which is normal for a code-scaffolding tool but should be clearly documented.