Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Workflow Orchestration

v1.0.0

Workflow orchestration center - coordinates the end-to-end process and manages task dependencies and state

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (workflow orchestration for ad production) aligns with the SKILL.md and the included TypeScript: it defines workflows, steps, dependencies, start/pause/resume, and templates for ad pipelines. The declared requirements (no env vars, no binaries) are consistent with a pure in-agent orchestrator.
Instruction Scope
SKILL.md and the code show the orchestrator invokes other skills/actions via api.executeAction with user-provided step.skill and step.command. The workflow supports condition strings ("condition") and template placeholders ("{{...}}") that are evaluated against runtime context. If those evaluations are implemented using eval/Function or unsafe template evaluation, they could execute arbitrary code or be used to escalate actions. The SKILL.md does not describe safety/permission boundaries or validation of invoked skill names/commands.
Install Mechanism
No install spec or external downloads; it's instruction-only plus a TypeScript source file. No packages or external binaries are pulled in, which reduces supply-chain risk.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for an in-agent orchestrator. There are no surprising credential requests in the manifest.
Persistence & Privilege
always:false (not force-installed). disable-model-invocation:false (agent may call the skill autonomously) — this is the platform default. Because the orchestrator can invoke arbitrary skills/actions, autonomous invocation increases blast radius if workflows are maliciously crafted; consider limiting which workflows or which target skills it may call.
What to consider before installing
This skill appears to implement a legitimate workflow orchestrator, but you should not install it into a production agent without a few checks:
1) Inspect the complete index.ts (search for use of eval, new Function, vm, template engines, child_process, fetch/http requests, or any direct filesystem/network calls). If condition evaluation or template substitution uses eval/new Function, request that the author replace it with a safe evaluator or whitelist variables and operations.
2) Confirm the orchestrator enforces an allowlist of skills/actions it may call (don’t let workflows invoke arbitrary sensitive skills like credential managers or deployers).
3) Run it in a sandboxed agent or test environment first and exercise workflows with controlled inputs.
4) If you cannot review the full code, treat this as higher-risk and avoid granting it access to agents that can perform sensitive operations.
If you want, provide the full (untruncated) index.ts and I can look specifically for eval/unsafe template patterns and other risky APIs.

Like a lobster shell, security has layers — review code before you run it.

latest: vk978t8193pcn5hcqm1na5rr2kd837mf9


Runtime requirements

🔄 Clawdis
