Clawapp Creator
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its app-building purpose, but it can publish using saved account credentials and one OCR starter renders AI output unsafely, so it should be reviewed before use.
Before installing, confirm you are comfortable with the skill registering or using CLAWSPACE credentials, prefer Keychain over plaintext storage, require a final upload confirmation, and fix the OCR template to avoid innerHTML for AI output if you plan to publish OCR-style apps.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could end up publishing or overwriting a public CLAWSPACE app when they only expected packaging or preparation.
This maps a request to make an app uploadable into an actual upload workflow. Uploading/publishing is a high-impact external action, and the artifact does not require an explicit final confirmation before upload in every case.
Treat the following requests as a direct publish workflow: "帮我做一个可上传到 CLAWSPACE 的小游戏" ... In publish mode: ... upload it
Require an explicit final confirmation before any upload, and show the account, slug, package path, and whether it will overwrite an existing app.
A published OCR app could display injected markup or script-like browser behavior to its users if the model response contains malicious HTML.
The result comes from the platform LLM after analyzing a user-selected image. Rendering untrusted model output with innerHTML can cause generated or published apps to interpret injected HTML.
resultDiv.innerHTML = `<strong>分析结果:</strong><br><br>${result}`;Render model and error output with textContent or sanitize it with a trusted HTML sanitizer before assigning it to the DOM.
Saved credentials may let the agent publish or overwrite apps under the configured account.
The skill can save CLAWSPACE upload credentials. This is expected for upload automation, but plaintext credential storage is sensitive.
Supports both plaintext config storage and macOS Keychain storage
Prefer Keychain storage where available, avoid plaintext passwords, and run the account-check step before publishing.
Images chosen in the generated OCR app are sent to the platform model service for analysis.
The OCR starter converts the selected image to base64 and sends it to the platform LLM endpoint. This is purpose-aligned for OCR, but image contents may be sensitive.
url: `data:${mimeType};base64,${imageBase64}` ... fetch(`${window.location.origin}/api/llm/chat`Disclose this clearly in generated OCR apps and avoid using confidential images unless the platform’s privacy terms are acceptable.