AnyGen Suite
Security checks across static analysis, malware telemetry, and agentic risk
Overview
AnyGen is mostly aligned with content generation, but it tells the agent to auto-install a separate unreviewed workflow skill and requires an AnyGen account credential.
Install only if you trust AnyGen and are comfortable sending content to www.anygen.io. Before allowing the extra `anygen-workflow-generate` install, ask to review its source/version and approve it explicitly. Use a revocable API key and avoid submitting confidential materials unless the provider's terms meet your needs.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could add unreviewed workflow instructions or code that changes how it behaves in later tasks.
The skill depends on another skill that is not included in the manifest or install specification, and the command uses `-y` to auto-confirm installation into the agent environment.
If the `anygen-workflow-generate` skill is not available, install it first: ```bash anygen skill install --platform <openclaw|claude-code> -y ```
Require explicit user approval before installing the extra skill, declare and pin its source/version, provide reviewable artifacts, and avoid auto-confirming installation.
Commands may run under the user's AnyGen account and could consume quota or create provider-side artifacts.
The skill requires an AnyGen API key or login. This is expected for the service, but it gives the CLI delegated access to the user's AnyGen account.
requires:
bins:
- anygen
env:
- ANYGEN_API_KEY
...
anygen auth login --api-key sk-xxxUse a revocable, least-privilege API key if available, avoid pasting secrets into shared chats, and confirm which account is being authorized.
Sensitive documents, CSVs, research materials, or financial information could be processed by an external provider.
The artifacts disclose that generation happens on AnyGen's server, so user prompts, source material, or uploaded files may leave the local environment.
This skill uses the AnyGen CLI to generate content (slides, docs, diagrams, websites, images, research, and more) server-side at `www.anygen.io`.
Only send content you are comfortable sharing with AnyGen, and review the provider's privacy, retention, and compliance terms before using sensitive data.