ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Company Creator

v1.1.0

Create agent company packages conforming to the Agent Companies specification (agentcompanies/v1). Use when a user wants to create a new agent company from s...

0· 81·0 current·0 all-time
by@marlowne12
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the instructions: the skill generates company packages and can wrap existing git repos. However the SKILL.md explicitly tells the agent to 'clone/read the repo' and to call git (e.g., git ls-remote) and to consult external URLs (agentcompanies.io, GitHub). The registry metadata lists no required binaries or credentials (e.g., git, GITHUB_TOKEN) — this omission is inconsistent with the described repo-mode behavior.
Instruction Scope
Instructions stay within the stated purpose: interview the user, analyze a repo (README, SKILL.md, agent configs), infer workflow, and create package files. The doc directs reading local paths and cloning remote repos, and recommends referencing upstream sources instead of vendoring. It does not instruct the agent to read unrelated system files or to exfiltrate information to unknown endpoints.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by an installer. That's the lowest install risk.
!
Credentials
The skill requests no environment variables or credentials in metadata, but the runtime guidance expects network and git access and may need credentials for private repos or for calling git ls-remote on private repos. If you plan to run it against private repositories, the skill will require secrets (e.g., GITHUB_TOKEN) that are not declared, which increases the risk of ad-hoc secret sharing or accidental disclosure.
Persistence & Privilege
always is false and there are no install-time persistence behaviors. The skill does instruct the agent to write package files to disk (generate directories and COMPANY.md, AGENTS.md, etc.), which is appropriate for its purpose and scoped to the package being created.
What to consider before installing
This skill appears to do what it says (scaffold company packages and optionally wrap git repos) but pay attention before running it: it expects to read local paths and to clone/read remote git repos (and to call git commands). The registry metadata did not declare git as a required binary or any credentials (e.g., GITHUB_TOKEN) for private repos — be cautious about giving the agent network access or pasting secrets into the chat. If you will use it with private repositories, prefer supplying credentials via a controlled, audited mechanism and test it in a sandbox or isolated workspace first. Also watch the files it writes so it only creates the package you expect.

Like a lobster shell, security has layers — review code before you run it.

latestvk975w8rpra4528sy5b2pzhv25s83qew1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments