ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Doc Generator

v3.0.0

Use this skill any time the user wants to create, draft, or generate a written document or report. This includes: competitive analysis, market research repor...

0· 477·1 current·1 all-time
byAnyGenIO@logictortoise
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for document/report generation and the skill requires the anygen CLI and ANYGEN_API_KEY — these are appropriate and expected for a third‑party document generation service.
Instruction Scope
SKILL.md only instructs the agent to call the AnyGen CLI, perform authentication (web login or API key), and use the anygen-workflow-generate skill; it does not request unrelated files, system paths, or additional credentials.
Install Mechanism
Install spec is an npm/node package (@anygen/cli) that creates the anygen binary. This is coherent for a CLI dependency; npm installs carry the usual supply‑chain risk but the source is a normal package registry use, not an arbitrary URL or archive.
Credentials
Only a single service credential (ANYGEN_API_KEY) is required and it's declared as the primary credential. No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill is not force-included (always: false), and does not request elevated or cross-skill configuration changes. Autonomous invocation (disable-model-invocation false) is normal and not, by itself, concerning.
Assessment
This skill appears coherent, but because it installs a third‑party npm CLI and uses an API key, verify the @anygen/cli package and the AnyGen service before installing. Prefer a limited-scope API key (not a high‑privilege or long-lived key), review AnyGen's privacy/data handling, and consider installing the CLI in a controlled environment (or inspecting the package) if you are security-sensitive. If the skill's source/publisher is unknown, treat the npm package and API key with extra caution and avoid sharing secrets beyond the single required ANYGEN_API_KEY.

Like a lobster shell, security has layers — review code before you run it.

latestvk978rzh36bm6ns3jnp6acp8v5183xy4f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsanygen
EnvANYGEN_API_KEY
Primary envANYGEN_API_KEY

Install

Node
Bins: anygen
npm i -g @anygen/cli

Comments