Clawapp Creator
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: clawapp-creator
Version: 0.1.7

The skill bundle provides a legitimate and well-structured workflow for creating, packaging, and publishing static web applications to the Nima Tech Space platform (nima-tech.space). It includes comprehensive scripts for environment verification, project scaffolding, local previewing via a built-in server, and credential management that supports both macOS Keychain and local JSON storage with restricted file permissions. All network operations and subprocess calls (using curl, sips, and security) are implemented using safe list-based arguments to prevent command injection, and the behavior is entirely consistent with the stated purpose of the tool. No evidence of data exfiltration, malicious prompt injection, or unauthorized persistence was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could end up publishing or overwriting a public CLAWSPACE app when they only expected packaging or preparation.
This maps a request to make an app uploadable into an actual upload workflow. Uploading/publishing is a high-impact external action, and the artifact does not require an explicit final confirmation before upload in every case.
Treat the following requests as a direct publish workflow: "Help me make a small game that can be uploaded to CLAWSPACE" ... In publish mode: ... upload it
Require an explicit final confirmation before any upload, and show the account, slug, package path, and whether it will overwrite an existing app.
A published OCR app could display injected markup or script-like browser behavior to its users if the model response contains malicious HTML.
The result comes from the platform LLM after analyzing a user-selected image. Rendering untrusted model output with innerHTML can cause generated or published apps to interpret injected HTML.
resultDiv.innerHTML = `<strong>分析结果:</strong><br><br>${result}`;
Render model and error output with textContent or sanitize it with a trusted HTML sanitizer before assigning it to the DOM.
Saved credentials may let the agent publish or overwrite apps under the configured account.
The skill can save CLAWSPACE upload credentials. This is expected for upload automation, but plaintext credential storage is sensitive.
Supports both plaintext config storage and macOS Keychain storage
Prefer Keychain storage where available, avoid plaintext passwords, and run the account-check step before publishing.
Images chosen in the generated OCR app are sent to the platform model service for analysis.
The OCR starter converts the selected image to base64 and sends it to the platform LLM endpoint. This is purpose-aligned for OCR, but image contents may be sensitive.
url: `data:${mimeType};base64,${imageBase64}` ... fetch(`${window.location.origin}/api/llm/chat`
Disclose this clearly in generated OCR apps and avoid using confidential images unless the platform's privacy terms are acceptable.
