v1.0.0

Create Interesting Skills

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:29 AM.

Analysis

This skill is a creative skill factory, but it can turn web-sourced ideas into installed, persistent skills, so users should review generated skills before deployment.

Guidance: Only install this if you are comfortable with a skill that creates other skills. Before allowing deployment, review each generated SKILL.md, confirm the path and trigger wording, avoid batch mode unless you inspect every generated skill, and keep a way to remove or roll back created skills.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: High | Confidence: High | Status: Concern
SKILL.md
Mine the internet for users' imaginative ideas, judge which ones are feasible, and then turn them into genuinely usable OpenClaw Skills.

The skill explicitly turns unvetted internet-sourced ideas into runnable OpenClaw skill artifacts, creating a supply-chain path from external content into the user's agent environment.

User impact: A bad or manipulated online idea could become a persistent skill that changes how the agent behaves later.
Recommendation: Show the complete generated SKILL.md and source links to the user, require explicit approval before writing it, and add validation rules that reject unsafe instructions.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Write SKILL.md to `/projects/.openclaw/skills/<skill-name>/SKILL.md`

The instruction directs the agent to mutate the installed skills directory, which is a high-impact filesystem action affecting future agent behavior.

User impact: Selecting a fun idea may install a new agent behavior before the user has reviewed the exact instructions that will persist.
Recommendation: Require a separate confirmation after displaying the final file contents, restrict generated skill names and paths, and provide an easy uninstall or rollback step.

Agent Goal Hijack
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
description: <trigger description, including trigger words and usage scenarios; make it a bit "pushy" so the model knows when to use it>

The generated skills are instructed to use deliberately pushy trigger descriptions, which can broaden when future skills activate and reduce alignment with the user's immediate intent.

User impact: Future generated skills may trigger more often than expected or steer the agent toward using them in borderline situations.
Recommendation: Use neutral, precise trigger descriptions and require generated skills to state clear non-trigger conditions.

Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Generate them one by one in candidate-list order, give a brief notification after each one completes, and provide a summary once all are done.

Batch mode can create multiple persistent skills in one workflow, so a weak validation process or unsafe source idea can propagate across several installed agent behaviors.

User impact: One careless approval such as '全做' ("do them all") could add several unreviewed skills that continue affecting later sessions.
Recommendation: Disable batch installation by default or require per-skill review and approval, with a summary of all files changed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Preserve interesting original quotes or inspiration from internet users

The workflow encourages preserving online users' original wording inside generated skills, which can persist untrusted retrieved text as future agent context.

User impact: Prompt-like or manipulative text copied from the web could be stored in a skill and later treated as trusted instructions.
Recommendation: Sanitize quoted source material, label it strictly as non-instructional background, and strip any text that tells the agent to ignore rules or change behavior.