Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
XPR Creative
v1.0.0
Provides AI tools to generate and deliver creative content including rich markdown, PDFs, CSVs, AI-generated images, videos, web media, and GitHub repositories.
⭐ 0· 710·1 current·1 all-time
by @paulgnz
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The declared purpose (generate deliverables, upload to IPFS, create GitHub repos) matches the code and instructions: it downloads images, builds PDFs, can upload JSON/binaries to Pinata, and can create public GitHub repos. However, the skill.json and SKILL.md declare no required environment variables or credentials even though the code uses PINATA_JWT (and the create_github_repo tool will need GitHub auth in practice). That undeclared credential requirement is an inconsistency to be resolved.
Instruction Scope
SKILL.md instructs the agent to generate images/videos and upload them to IPFS, embed web images into PDFs, and create public GitHub repos. Those steps are within the stated purpose. Points to watch: the instructions require that the IPFS uploads actually happen and that the agent deliver the content itself rather than just URLs, which means potentially large uploads and public publication of user data; and SKILL.md does not tell users that uploads go to Pinata (or require a Pinata token) or that the repos it creates will be public.
Install Mechanism
No external install or remote downloads are specified; this is an instruction-and-bundled-code skill so nothing is fetched at install time. The runtime performs network calls (fetch) but there is no risky install mechanism in the manifest.
Credentials
skill.json.requires.env is empty and SKILL.md lists no required credentials, yet the code calls process.env.PINATA_JWT and process.env.PINATA_GATEWAY (and will need GitHub credentials to create repos). PINATA_JWT is a powerful secret: it allows pinning arbitrary content under the Pinata account that issued it, and anything pinned is retrievable by CID from any public IPFS gateway. Requesting such a secret is proportionate to IPFS uploads, but its omission from the manifest and documentation is a red flag. The skill may upload user content to public IPFS or create public repositories; both can expose sensitive data, especially if used with broad-scoped tokens.
Persistence & Privilege
The skill does not request always: true and does not declare modifying other skills or system-wide config. It stores deliverables in an in-memory Map (no persistent disk writes in the provided code excerpt). Autonomous invocation is allowed (the platform default); combined with the credential issues above this increases blast radius, but autonomous invocation alone is expected.
Scan Findings in Context
[uses_PINATA_JWT_env] expected: The code calls process.env.PINATA_JWT to upload JSON/binary to Pinata (pinJSONToIPFS / pinFileToIPFS). Using a Pinata JWT is expected for IPFS pinning, but the manifest and SKILL.md do not declare this required credential.
[uploads_to_ipfs_via_pinata] expected: The code posts to https://api.pinata.cloud/pinning/* to pin data. That aligns with the stated IPFS storage capability, but it implies pinned content is public and tied to the Pinata account used.
[creates_github_repo_credential_gap] expected: skill.json and SKILL.md expose a create_github_repo tool; creating public repos normally requires GitHub credentials, but no GITHUB_TOKEN (or equivalent) is declared. This credential omission is an incoherence to address.
[downloads_external_urls] expected: The code fetches arbitrary https URLs to download images and other media for embedding into PDFs. Downloading external resources is expected for embedding, but it can pull remote content into deliverables and upload it onward to IPFS/GitHub.
What to consider before installing
Before installing, get answers to these specific questions from the skill author and take precautions:
1. Which environment variables does the skill actually require? The code uses PINATA_JWT and PINATA_GATEWAY and likely needs a GitHub token; these should be listed in the manifest and SKILL.md.
2. Understand where content is published: Pinata pins are effectively public on IPFS and create_github_repo makes public repos. Do not allow the skill to upload private or sensitive data.
3. Limit token scope: if you provide a Pinata or GitHub token, restrict its permissions and use a throwaway/sandbox account when testing.
4. Ask for documentation on create_github_repo behavior (repo visibility, naming, and whether it includes credentials).
5. If you cannot validate the above, run the skill in a restricted/sandbox environment or decline to provide secrets.
Finally, consider asking the author to update skill.json and SKILL.md to explicitly declare the required env vars and the privacy implications of IPFS and public repos before enabling autonomous use.
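One way to answer question (1) yourself before handing over any token is a quick static audit of the bundle. The script below is an added illustration for this page; it is not ClawHub's scanner and not the skill's own code. It reads a parsed skill.json manifest and the bundled JavaScript, lists every process.env reference, diffs that against requires.env, and lists the hosts that appear as URL literals. The manifest and source it runs on are constructed here to mirror the findings above (PINATA_JWT, PINATA_GATEWAY, api.pinata.cloud), not copied from the real bundle.

```javascript
// Added illustration (not ClawHub's scanner, not the skill's code): a static
// audit of a skill bundle for the two gaps the report describes, credentials
// the code reads but the manifest does not declare, and the hosts it talks to.

// Matches process.env.NAME and process.env["NAME"] / process.env['NAME'].
const ENV_REF =
  /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*["']([A-Za-z_][A-Za-z0-9_]*)["']\s*\])/g;

// Matches http(s) URL literals; the host is taken from each match.
const URL_LITERAL = /https?:\/\/[^\s"'`)]+/g;

function referencedEnvVars(source) {
  const names = new Set();
  for (const m of source.matchAll(ENV_REF)) names.add(m[1] ?? m[2]);
  return [...names].sort();
}

function outboundHosts(source) {
  const hosts = new Set();
  for (const m of source.matchAll(URL_LITERAL)) {
    try {
      hosts.add(new URL(m[0]).host);
    } catch {
      // Not a parseable URL (e.g. a template fragment); ignore it.
    }
  }
  return [...hosts].sort();
}

// manifest: parsed skill.json; sources: array of bundled source file contents.
function auditSkill(manifest, sources) {
  const declared = new Set(manifest?.requires?.env ?? []);
  const combined = sources.join("\n");
  const referenced = referencedEnvVars(combined);
  return {
    declaredEnv: [...declared].sort(),
    referencedEnv: referenced,
    // Secrets the code reads that a user cannot learn about from the manifest.
    undeclaredEnv: referenced.filter((name) => !declared.has(name)),
    // Declared but never read: harmless, but worth asking the author about.
    unusedDeclaredEnv: [...declared].filter((name) => !referenced.includes(name)).sort(),
    outboundHosts: outboundHosts(combined),
  };
}

// A one-line verdict a reviewer can act on.
function verdict(result) {
  if (result.undeclaredEnv.length === 0) {
    return "ok: all env vars read by the code are declared";
  }
  const declaredList = result.declaredEnv.length ? result.declaredEnv.join(", ") : "nothing";
  return `credential gap: code reads ${result.undeclaredEnv.join(", ")} but skill.json declares ${declaredList}`;
}

// Constructed sample inputs, modelled on the scan findings above; not the real bundle.
const SAMPLE_MANIFEST = { name: "xpr-creative", version: "1.0.0", requires: { env: [] } };
const SAMPLE_SOURCE = `
const PINATA_JWT = process.env.PINATA_JWT;
const gateway = process.env["PINATA_GATEWAY"] || "gateway.pinata.cloud";
async function pinJSONToIPFS(body) {
  return fetch("https://api.pinata.cloud/pinning/pinJSONToIPFS", {
    method: "POST",
    headers: { Authorization: "Bearer " + PINATA_JWT, "Content-Type": "application/json" },
    body: JSON.stringify(body),
  });
}
async function downloadMedia(url) {
  return (await fetch(url)).arrayBuffer(); // caller-supplied URL, not a literal, so no host is listed
}
`;

const REPORT = auditSkill(SAMPLE_MANIFEST, [SAMPLE_SOURCE]);
console.log(verdict(REPORT));
console.log(JSON.stringify(REPORT, null, 2));
```

Run it with `node audit.js` against the real skill.json and source files read from the downloaded bundle. The match is regex-based, so it misses dynamic access such as `process.env[name]` and URLs assembled at runtime (the arbitrary media downloads the report mentions are exactly that case); treat an empty result as "nothing found by this method", and confirm by running the skill in a sandbox with an empty environment and watching which variables it complains about and which hosts it contacts.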
Tags: creative · image-generation · ipfs · latest · xpr
