ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AnyGen Suite

v2.0.1

AnyGen: AI-powered content creation suite. Create slides/PPT, documents, diagrams, websites, data visualizations, research reports, storybooks, financial ana...

1· 898·3 current·3 all-time
byAnyGenIO@logictortoise
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (AI content generation) align with required binary (anygen) and primary credential (ANYGEN_API_KEY). The declared node package (@anygen/cli) provides the anygen binary, which is appropriate for the described functionality.
Instruction Scope
SKILL.md confines actions to using the AnyGen CLI and its auth flows (browser login, API key or env var). It does not instruct reading unrelated files, scanning system paths, or exfiltrating data to endpoints outside the stated service (www.anygen.io).
Install Mechanism
Install uses an npm/node package (@anygen/cli) that creates the anygen binary — this is expected for a CLI skill but carries the typical npm risk vector (executing code obtained from the registry). The package source is not listed in the skill metadata (homepage unknown), so verifying the package provenance in npm or from the vendor is recommended.
Credentials
Only ONE credential is required (ANYGEN_API_KEY), which is proportional to a remote content-generation service. The SKILL.md references only that env var and the CLI auth; it does not request unrelated secrets or config paths.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide configuration changes, and contains no instructions to modify other skills. Default autonomous invocation is allowed (platform default) but not combined with other concerning permissions.
Assessment
This skill is internally consistent: it needs the AnyGen CLI and an AnyGen API key to function. Before installing, verify the @anygen/cli package on the npm registry or vendor site (confirm the publisher and package integrity), and only provide an API key with the minimum needed permissions. Be aware that installing the npm package runs code from the registry — if you don't trust the publisher, avoid installing or run in an isolated environment. If you later suspect misuse, revoke the API key and inspect anygen CLI configuration or logs.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsanygen
EnvANYGEN_API_KEY
Primary envANYGEN_API_KEY

Install

Node
Bins: anygen
npm i -g @anygen/cli
latestvk97023qmmc6g9jxyqb0j7ha0jn83xvj6
898downloads
1stars
10versions
Updated 23h ago
v2.0.1
MIT-0
AnyGenIO@logictortoise
latest
Download

AnyGen — Content Creation Suite

This skill uses the AnyGen CLI to generate content (slides, docs, diagrams, websites, images, research, and more) server-side at www.anygen.io.

Authentication

# Web login (opens browser, auto-configures key)
anygen auth login --no-wait

# Direct API key
anygen auth login --api-key sk-xxx

# Or set env var
export ANYGEN_API_KEY=sk-xxx

When any command fails with an auth error, run anygen auth login --no-wait and ask the user to complete browser authorization. Retry after login succeeds.

How to use

Follow the anygen-workflow-generate skill. Use anygen task operations to discover the correct operation type for the user's request.

If the anygen-workflow-generate skill is not available, install it first:

anygen skill install --platform <openclaw|claude-code> -y

Comments

Loading comments...