Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Creek
v2.1.0
Deploy and manage applications on Creek via the Creek CLI. Covers init, deploy, status, projects, deployments, rollback, env vars, custom domains, and dev se...
by Lawrence Lin (@linyiru)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
SKILL.md clearly implements a Creek CLI deploy/manage skill (init, deploy, domains, env, rollback) which is coherent with the stated purpose — however the registry metadata claims no required binaries or env vars while the SKILL.md explicitly lists the 'creek' binary and CREEK_TOKEN. That mismatch (undeclared required credential/binary) is unexpected and should be resolved by the author.
Instruction Scope
Runtime instructions instruct the agent to run potentially destructive or sensitive commands with --yes (skip confirmations) and to use 'creek env ls --show --json' which reveals environment variable values (secrets). The guidance to 'follow breadcrumbs' and auto-enable --yes in non-TTY gives the agent broad, autonomous discretion to modify deployments, domains, and env vars. These actions are within a deploy tool's capabilities but are high-impact and not sufficiently constrained in the instructions.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk, which is the lowest install risk. SKILL.md suggests installing the Creek CLI via npm globally (npm install -g creek) but the package installation is not part of an automated install spec.
Credentials
The SKILL.md requires CREEK_TOKEN for authenticated operations, which is reasonable for a deploy tool — but the registry metadata did not declare any required env variables. The skill's commands can list and show env vars, set and remove them, manage domains, and perform rollbacks, so the token grants broad, account-level privileges. The required credential should be declared and users should be warned to use least-privilege/CI tokens and avoid exposing high-privilege keys.
Persistence & Privilege
always:false and normal model invocation are set (no forced always-on presence). The skill does not request to modify other skills or system-wide agent settings. Autonomous invocation plus the high-impact CLI commands is normal for a deployer but increases blast radius (not a metadata privilege issue itself).
What to consider before installing
This skill appears to be a legitimate Creek CLI wrapper, but there are important mismatches and high-impact instructions you should verify before installing. Ask the author to update the registry metadata to declare the required 'creek' binary and the CREEK_TOKEN environment variable. Only provide a CREEK_TOKEN with the minimum necessary scope (prefer ephemeral or CI tokens), and do not reuse a Cloudflare/organization master key. Be aware the skill tells the agent to run commands with --yes (no confirmations) and to show env values (--show) which can expose secrets; if you allow autonomous invocation, restrict the agent's permission or test in an isolated account/repo first. If you are unsure, request the source/homepage or a maintained install spec from the author before use.
Like a lobster shell, security has layers — review code before you run it.
latest: vk970k3d64hqjqz69498z5nv8c183webq
