Maverick Process To Skill
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: maverick-process-to-skill Version: 1.0.0 The skill is designed to automate user-described processes and save them as new, reusable skills by creating folders and files (SKILL.md, agents/openai.yaml) on the local system. This 'meta-skill' capability is inherently risky as it allows for the generation of new executable instructions and potential persistence of malicious workflows if the input is not strictly validated. While it includes guardrails like requiring user confirmation, the ability to write to the skill library and execute arbitrary user-defined steps in SKILL.md makes it a high-privilege tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A workflow the user approves may become a reusable local skill that can be invoked later.
The skill can create persistent local agent instructions, which is expected for its purpose but affects future agent behavior.
If the user says yes, create a new skill folder with a trigger-focused `description`, concise workflow instructions, and `agents/openai.yaml` metadata.
Only save workflows you actually want reused, and review the generated skill before relying on it.
Information or procedural instructions included in a saved process may be reused later by the agent.
The skill stores user-described workflow content as reusable instructions, so sensitive details or unsafe instructions included by the user could persist into future use.
When saving a process, capture: - Goal: What business outcome this process produces. - Inputs: Required user-provided data. - Steps: Deterministic sequence to run.
Avoid saving secrets, private customer data, or unreviewed instructions inside generated skills.
If the described process involves changing files, accounts, or business records, the agent may try to carry out those steps.
The skill is intentionally broad because it automates user-described processes; this is purpose-aligned, but any risky external effects depend on what process the user provides.
Execute or automate the process for the current request.
For processes that modify important data or external systems, ask the agent to show the planned steps and get explicit approval before execution.