Skill Creator Operator
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a benign skill scaffolder that writes local skill files and can guide publishing only when the user asks.
This skill is reasonable to install if you want help creating OpenClaw skills. Be careful when running the scaffolding script so it writes to the intended directory, and treat publishing as an account-level action: review generated files for private paths, tokens, or personal information before using the ClawHub publish command.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the scaffolder will create or replace scaffold files under the selected slug directory.
The helper creates directories and writes generated scaffold files in a target directory. This is central to the skill's purpose, but users should choose the output path carefully.
const skillDir = path.join(outDir, slug); ... fs.writeFileSync(path.join(skillDir, "SKILL.md"), skillMd, "utf8");
Run it in a new or intended skills directory, and review generated files before editing or publishing them.
Publishing uses the user's ClawHub account and may make a skill version publicly available or update a registry entry.
The skill documents an authenticated ClawHub publishing action. It is purpose-aligned and requires the user to ask, with confirmation and review steps.
If the user asks to publish: ... Ensure `clawhub whoami` is authenticated. ... Run `clawhub publish <path> --slug <slug> --name "<Name>" --version <x.y.z>`
Confirm the slug, version, changelog, and target path, and review files for secrets or private data before publishing.
Preferences or setup answers for generated skills may remain on disk and be reused later.
The skill's recommended pattern stores persistent configuration for generated skills. The artifacts bound this to workspace/global config paths and caution against storing secrets.
It persists config to disk ... Write config to the workspace ... Never store secrets in long term memory files.
Keep configuration non-sensitive, inspect the generated config path if needed, and delete or reconfigure it when preferences change.