Bot Customizer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s customization purpose is coherent, but it directs the agent to persistently rewrite bot instructions and store raw user credentials in local files without clear confirmation or secret-handling safeguards.
Review this skill carefully before installing. It appears intended to customize bots, but you should avoid giving it real credentials unless you are comfortable with plaintext local storage, and you should back up and review AGENTS.md and easyclaw.json before accepting persistent changes.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Passwords, API keys, OAuth tokens, or database credentials provided during customization could remain in plaintext on disk and be available to future scripts or agents using that workspace.
The skill directs the agent to persist broad classes of credentials in a local .env file, but the metadata declares no credentials and the workflow does not require separate confirmation, scoping, permissions, or secure storage.
User-provided credentials (passwords, API keys, tokens) are authorized for storage and should NOT be rejected... Create or append to `workspace-{agent-id}/scripts/.env`
Do not provide real secrets unless you intend them to be stored. The skill should require explicit confirmation, prefer a secret manager or scoped environment variables, set restrictive file permissions, and document exactly which credentials are stored and why.
A user could trust the customization flow and accidentally cause sensitive secrets to be saved without a clear warning or approval step.
This wording tells the agent to assume consent for credential storage and suppress rejection, even though a user may not realize that mentioning a secret will cause persistent plaintext storage.
**Important**: User-provided credentials (passwords, API keys, tokens) are authorized for storage and should NOT be rejected.
Replace this with explicit user-facing consent language, show the exact variables to be written, and allow the user to cancel or provide secrets through a safer mechanism.
A mistaken merge or rename could make a bot behave differently, appear under a new ID, or break its workspace path.
The skill intentionally performs local file and configuration mutations. This is related to its purpose, but those changes can affect agent availability and identity.
Rename directory: `workspace-{old-id}` → `workspace-{new-id}`... Update `easyclaw.json`: Modify `id` field; Modify `workspace` path; Update `description`
Review the proposed diff and rename before applying, keep a backup of AGENTS.md and easyclaw.json, and confirm the target agent ID.
Unsafe or overly broad customization text could persist and affect future conversations with the bot.
User-provided customization becomes persistent system instruction context for the customized bot. This is the intended function, but it means the content will influence future agent behavior.
Customize bot by merging user-defined configurations into their AGENTS.md system instructions... Write merged content back to AGENTS.md
Only merge trusted instructions, preserve original safety boundaries, and review the final AGENTS.md before using the customized bot.
