v1.0.2

openclaw skill creator

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:01 AM.

Analysis

This appears to be a local, user-directed skill generator, but the skills it creates may add persistent access to files or external accounts, so generated code and credentials should be reviewed before installation.

Guidance

This skill looks acceptable to install if you want help drafting OpenClaw skills. Before enabling any generated skill, read the generated SKILL.md, verify the dependency install commands, limit API tokens to the minimum needed permissions, and add confirmation steps for actions like posting messages or accessing private data.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
handler.ts
const result = await client.chat.postMessage({
    channel: channel || DEFAULT_CHANNEL,
    text,
  });

The generated Slack template can post messages to a Slack channel when a user installs it and provides a token. This is aligned with the advertised Slack-messenger purpose, but it can affect shared team communication.

User impact: A generated Slack skill could send messages to real channels if installed with a valid Slack bot token.
Recommendation: Only install generated posting skills for channels you intend to automate, and consider adding an explicit confirmation step before sending messages.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
handler.ts
'Install dependencies: npm install googleapis',
'Install dependencies: npm install @slack/web-api',
'Install dependencies: npm install csv-parser'

Generated setup instructions ask users to install third-party npm packages without pinning versions. This is expected for generated integration skills, but it introduces normal dependency supply-chain considerations.

User impact: Installing generated skills may add third-party packages to the user's local environment.
Recommendation: Review generated dependency lists, prefer pinned versions where practical, and install packages from trusted registries.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
handler.ts
keyFile: process.env.GOOGLE_CALENDAR_CREDENTIALS,
    scopes: ['https://www.googleapis.com/auth/calendar.readonly']

The generated Google Calendar template uses a credential file and a read-only calendar scope. This is purpose-aligned and reasonably scoped, but it still gives the generated skill access to private calendar data.

User impact: If installed, a generated calendar skill can read calendar events using the credential file the user supplies.
Recommendation: Use least-privilege credentials, store credential files securely, and remove tokens or credentials for generated skills you no longer use.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
handler.ts
const skillMd = `---
name: ${template.name}
description: ${template.description}
---
...
${whatYouWant}

${whyYouNeedIt ? `## Why You Need This\n\n${whyYouNeedIt}\n\n` : ''}

The generated SKILL.md includes user-provided goal and reason text, which may become persistent agent context if the user saves it as a skill.

User impact: Text copied into a generated skill can influence the agent later whenever that skill is loaded.
Recommendation: Review generated SKILL.md content before saving it, especially if the request text came from another person, document, or website.