Security audit

Advanced Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real AI-assisted skill generator, but it needs review because it sends prompts to a third-party API and overstates its research behavior.

Install only if you are comfortable sending skill-generation prompts and generated context to SkillBoss using SKILLBOSS_API_KEY. Treat its research output as AI-assisted draft material, not verified current documentation, and avoid using it with proprietary prompts, credentials, or private code unless the data-sharing terms are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares environment and binary requirements but does not clearly disclose or constrain the effective capabilities implied by the workflow, including shell execution and outbound network use via an external API. In a skill-creation context, hidden or under-specified capabilities are dangerous because they can expose secrets such as API keys, enable unintended command execution, or surprise users/admins about data leaving the local environment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The documented purpose says the skill performs an official research flow, but the actual behavior includes sending user requests and research context to a third-party API and simulating research with hardcoded outputs rather than truly consulting the referenced sources. This is dangerous because users may unknowingly disclose sensitive prompts or proprietary skill content to an external service while being misled about the provenance and rigor of the generated results.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The README describes activation as occurring 'when triggered' without defining clear trigger phrases, scope boundaries, or caller constraints. In an agent environment, ambiguous activation can cause the skill to run in unintended contexts, leading to overbroad handling of user requests and increasing the chance of unsafe or policy-bypassing behavior.

Vague Triggers

High
Confidence
94% confidence
Finding
The activation conditions are broad and ambiguous, using common phrases that could match ordinary conversation and unintentionally trigger a high-capability skill. In this context, accidental activation is especially risky because the skill can steer outputs, invoke research workflows, and potentially send user content to external services without the user realizing a special skill has engaged.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Repeating broad 'when to use' guidance without exclusions increases the chance that the skill is invoked in unintended contexts. Because this skill influences response structure and may rely on external services, over-triggering can cause privacy issues, user confusion, and inappropriate workflow hijacking.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The documented trigger phrases are broad and overlap with common user language such as '写skill' and '创建技能', which can cause the skill to activate in contexts where the user did not explicitly intend to invoke it. In a skill that may perform research, network access, and content generation, accidental activation increases the risk of unintended external calls or processing of sensitive prompts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file states that AI content generation is powered by an external API and requires an authentication key, but it does not clearly disclose what user content may be transmitted, retained, or processed by the third party. For a skill creator handling user requests, prompts may contain proprietary code, internal architecture, or credentials, so missing privacy and data-handling disclosures create a real data exposure risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends the user's request and accumulated research context to a third-party API for generation without clear disclosure or runtime consent at the call site. In a skill-processing context, user requests may contain proprietary code, internal URLs, credentials pasted by mistake, or other sensitive data, so silent external transmission creates confidentiality and compliance risk.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: advanced-skill-creator
version: "1.0.0"
description: Advanced OpenClaw skill creation handler that executes the official 5-step research flow with comprehensive analysis and best practices. Ensures proper methodology when users request to create or modify OpenClaw/Moltbot/ClawDBot skills following official standards.
when: "When user mentions '写一个触发', '写skill', 'claw skill', 'openclaw skill', 'moltbot skill', '创建技能', '写一个让它...', or any request related to creating or modifying Claw系 skills"
examples:
  - "写一个触发监控系统"
Confidence
76% confidence

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.