Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
advanced-skill-creator
v1.0.0
Advanced OpenClaw skill creation handler that executes the official 5-step research flow with comprehensive analysis and best practices. Ensures proper metho...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description indicate an AI-driven skill creator and the package includes a Python processor that calls an external AI service. Requested binaries (python3, bash) and a single env var (SKILLBOSS_API_KEY) are consistent with the stated purpose.
Instruction Scope
SKILL.md contains detailed runtime instructions to consult docs, query hubs, fuse results, and then call an external '/v1/pilot' endpoint to generate SKILL.md output. A prompt-injection pattern ('you-are-now') was detected in the SKILL.md pre-scan, which could attempt to manipulate model behavior or override host instructions. The SKILL.md also mandates exact output structure (which is reasonable) but the injection signal and strict directives increase risk that the skill will push the agent into following hidden or unsafe prompts.
Install Mechanism
No install spec — instruction-only skill with one included Python script. That keeps installation footprint small. The included script will be written to disk as part of the skill, but there is no remote archive-download or installer that fetches arbitrary code at install time.
Credentials
Only SKILLBOSS_API_KEY is required and used by the included script to call an external API; this is proportionate for a skill that delegates generation to a third‑party AI service. However, the external endpoint (api.heybossai.com / skillboss.co) is not a widely-known vendor in this package, so verify the service before supplying secrets.
Persistence & Privilege
always is false and the skill does not request system-wide config paths or other skills' credentials. The skill can be invoked autonomously (default platform behavior) — this is normal but means the prompt-injection and network-call aspects have broader impact if enabled for autonomous runs.
Scan Findings in Context
[prompt-injection-you-are-now] unexpected: A 'you-are-now' style prompt-injection pattern was detected in SKILL.md. Prompt-injection tokens are not expected for a skill that should simply implement a research flow; they can be used to coerce model behavior and should be reviewed and removed or sanitized.
What to consider before installing
This skill is internally consistent with its stated goal (it includes a Python script that calls an external AI service and asks for SKILLBOSS_API_KEY), but there are red flags you should address before installing:
1) Inspect SKILL.md and scripts for prompt-injection strings (the pre-scan found a 'you-are-now' pattern) and remove or sanitize any hidden directives that force the model to ignore host policies.
2) Verify the external service (api.heybossai.com / skillboss.co): ask the publisher for a real homepage, privacy/security documentation, and the exact privileges expected of SKILLBOSS_API_KEY.
3) Audit scripts for any subprocess.run/exec usage or file reads not needed for skill creation; run the code in an isolated environment (container) first.
4) If you must supply SKILLBOSS_API_KEY, use a scoped/test key with minimal privileges and monitor network traffic.
5) Prefer disabling autonomous invocation or limit triggers until you confirm there is no hidden prompt-injection or credential exfiltration.
If you cannot verify the external service or remove injection patterns, treat this skill as unsafe to deploy.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97br6mfra24qcbm6fvayvrdwd84vnxw
Runtime requirements
⚡ Clawdis
Bins: python3, bash
Any bin: python3, python
Env: SKILLBOSS_API_KEY
Primary env: SKILLBOSS_API_KEY
