openclaw skill creator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a local, user-directed skill generator, but the skills it creates may add persistent access to files or external accounts, so generated code and credentials should be reviewed before installation.

This skill looks acceptable to install if you want help drafting OpenClaw skills. Before enabling any generated skill, read the generated SKILL.md, verify the dependency install commands, limit API tokens to the minimum needed permissions, and add confirmation steps for actions like posting messages or accessing private data.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A generated Slack skill could send messages to real channels if installed with a valid Slack bot token.

Why it was flagged

The generated Slack template can post messages to a Slack channel when a user installs it and provides a token. This is aligned with the advertised Slack-messenger purpose, but it can affect shared team communication.

Skill content

const result = await client.chat.postMessage({
  channel: channel || DEFAULT_CHANNEL,
  text,
});

Recommendation

Only install generated posting skills for channels you intend to automate, and consider adding an explicit confirmation step before sending messages.

What this means

If installed, a generated calendar skill can read calendar events using the credential file the user supplies.

Why it was flagged

The generated Google Calendar template uses a credential file and a read-only calendar scope. This is purpose-aligned and reasonably scoped, but it still gives the generated skill access to private calendar data.

Skill content

keyFile: process.env.GOOGLE_CALENDAR_CREDENTIALS,
scopes: ['https://www.googleapis.com/auth/calendar.readonly']

Recommendation

Use least-privilege credentials, store credential files securely, and remove tokens or credentials for generated skills you no longer use.

What this means

Installing generated skills may add third-party packages to the user's local environment.

Why it was flagged

Generated setup instructions ask users to install third-party npm packages without pinning versions. This is expected for generated integration skills, but it introduces normal dependency supply-chain considerations.

Skill content

'Install dependencies: npm install googleapis',
'Install dependencies: npm install @slack/web-api',
'Install dependencies: npm install csv-parser'

Recommendation

Review generated dependency lists, prefer pinned versions where practical, and install packages from trusted registries.

What this means

Text copied into a generated skill can influence the agent later whenever that skill is loaded.

Why it was flagged

The generated SKILL.md includes user-provided goal and reason text, which may become persistent agent context if the user saves it as a skill.

Skill content

const skillMd = `---
name: ${template.name}
description: ${template.description}
---
...
${whatYouWant}

${whyYouNeedIt ? `## Why You Need This\n\n${whyYouNeedIt}\n\n` : ''}

Recommendation

Review generated SKILL.md content before saving it, especially if the request text came from another person, document, or website.