Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Creative Agents

v1.0.0

Integration scripts for the creative agent swarm managed by overstory (Claude Code). Use when configuring or running researcher, social media, blog, or scrib...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The included Python modules (researcher, oauth, playwright integration, humanizer, log analyzer, memory curator, scribe orchestrator) align with the declared purpose of managing creative agents. However, the skill's registry metadata declares no required environment variables or credentials, even though oauth_handler expects platform-specific CLIENT_ID/CLIENT_SECRET environment variables and the integration code locates other skills through the HUMANIZER_SKILL_PATH and LAST30DAYS_SKILL_PATH environment variables. The declared requirements therefore do not match what the code actually needs.
Instruction Scope
SKILL.md and the scripts instruct the agent to read many user-local paths: shell history (~/.zsh_history, ~/.bash_history), ~/.openclaw logs, ~/.claude transcripts, Cursor logs, and user workspace files (e.g., /Users/ghost/.openclaw/workspace/MEMORY.md). The oauth handler stores and reads tokens under ~/.nanobot and may call external OAuth endpoints. The skill also discovers and runs other local skill entry points via subprocess.run — which means it can execute arbitrary code found on disk. These behaviors go beyond a simple 'integration helper' and involve reading and writing sensitive local data.
Install Mechanism
There is no install spec (instruction-only), which reduces supply-chain installation risk. However, the package includes multiple executable Python scripts bundled with the skill — invoking the skill will execute that code on the host. No external downloads are performed by the skill itself (network is used for OAuth token exchanges), but because the scripts invoke other local skills via subprocess, they may execute third-party code present on disk.
Credentials
The skill metadata declares no required environment variables or primary credential, yet oauth_handler reads per-platform environment variables (e.g., TWITTER_CLIENT_ID, TWITTER_CLIENT_SECRET) to complete OAuth flows, and other modules check HUMANIZER_SKILL_PATH and LAST30DAYS_SKILL_PATH. The OAuth component persists tokens to ~/.nanobot/oauth_tokens.json and, when no system keyring is available, stores them there in plaintext. That is a significant credential-handling risk that the declared requirements do not reflect.
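The storage fallback described above, rewritten to fail closed, as an added example. This is not the skill's oauth_handler code: the keyring_set callable (standing in for something like keyring.set_password), the token_path parameter and the platform names are assumptions. The point it demonstrates is that a missing keyring should be an error unless the caller explicitly accepts a plaintext file, and that when a file is written it should be created with O_EXCL and mode 0600 and swapped in atomically.

```python
"""Fail-closed OAuth token storage.

Added example, not code from the Creative Agents skill. The scan reports that
oauth_handler writes tokens in plaintext to ~/.nanobot/oauth_tokens.json when
no system keyring is available. This version uses an injected keyring setter
when one exists, refuses plaintext unless the caller opts in, and when it does,
creates the file with O_EXCL and mode 0600 and replaces it atomically.
keyring_set, token_path and the platform names are assumptions.
"""
import json
import os
import stat
import tempfile
from pathlib import Path

DEFAULT_TOKEN_PATH = "~/.nanobot/oauth_tokens.json"   # location named in the scan


class PlaintextRefused(RuntimeError):
    """No keyring backend, and plaintext storage was not explicitly allowed."""


def store_token(platform, token, keyring_set=None, allow_plaintext=False, token_path=None):
    """Store `token` for `platform`; return "keyring" or the file path written.

    keyring_set: callable(service, username, secret), e.g. keyring.set_password,
                 or None when no keyring backend is available (assumed interface).
    """
    if keyring_set is not None:
        keyring_set("oauth_tokens", platform, token)
        return "keyring"
    if not allow_plaintext:
        raise PlaintextRefused(
            f"no keyring backend for {platform}; pass allow_plaintext=True to accept a 0600 file")
    path = Path(os.path.expanduser(token_path or DEFAULT_TOKEN_PATH))
    path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    # Merge with existing entries, write a fresh 0600 temp file, then swap it in.
    entries = json.loads(path.read_text()) if path.exists() else {}
    entries[platform] = token
    tmp = path.with_name(path.name + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)  # never reuse a stale tmp
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(entries, fh)
        os.replace(tmp, path)          # atomic on POSIX; the 0600 mode carries over
    except BaseException:
        tmp.unlink(missing_ok=True)
        raise
    return str(path)


def demo():
    """Exercise all three outcomes in a temp dir; return what was observed."""
    captured = {}
    results = {"keyring": store_token(
        "twitter", "tok-1", keyring_set=lambda svc, user, secret: captured.update({user: secret}))}
    results["captured"] = captured
    try:
        store_token("twitter", "tok-1")          # no keyring, no opt-in: must refuse
        results["refused"] = False
    except PlaintextRefused:
        results["refused"] = True
    with tempfile.TemporaryDirectory() as d:     # constructed stand-in for ~/.nanobot
        p = Path(d, "nanobot", "oauth_tokens.json")
        store_token("twitter", "tok-1", allow_plaintext=True, token_path=p)
        store_token("bluesky", "tok-2", allow_plaintext=True, token_path=p)
        results["mode"] = stat.S_IMODE(p.stat().st_mode)
        results["entries"] = json.loads(p.read_text())
    return results


if __name__ == "__main__":
    print(demo())
```

The difference from a silent fallback is the PlaintextRefused branch: a missing keyring surfaces as an error the operator sees, rather than as a file they never knew was written.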
Persistence & Privilege
The skill does not request 'always' or any elevated platform privilege. It does, however, write to user files: it will create ~/.nanobot for tokens, append to a MEMORY.md at a hard-coded path under the user's workspace, and can generate cron entry text for the user. It does not automatically install cron jobs, but it will persist tokens and memory entries when invoked.
What to consider before installing
Before installing or enabling this skill:
- It reads many personal files (shell history, local logs, Claude transcripts, and journal/daily notes) and writes to a MEMORY.md and to ~/.nanobot/oauth_tokens.json. Review those paths and confirm you are comfortable with that access.
- It expects OAuth client IDs/secrets via environment variables (e.g., TWITTER_CLIENT_ID/TWITTER_CLIENT_SECRET) that the metadata does not declare. Set these only in a safe environment, and only if you intend to use the social features.
- OAuth tokens are stored in the system keyring if one is available; otherwise they are written in plaintext (file mode 0600) to ~/.nanobot/oauth_tokens.json. Install a keyring backend, or avoid the OAuth features if you cannot accept plaintext storage.
- The scripts discover and execute other local skills via subprocess.run. Review any skill entry points on disk that it could discover and make sure you trust them.
- If the machine holds sensitive data, run this skill in an isolated environment or container, inspect the code yourself, and do not grant it autonomous or always-on capabilities.
- If you proceed, at minimum: (1) inspect oauth_handler.py and its storage location, (2) enable a system keyring, (3) review and restrict which directories the skill can access, and (4) set the CLIENT_ID/CLIENT_SECRET environment variables only when needed.
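A way to do the code review the checklist asks for before the skill ever runs, as an added example (not code from ClawHub or from the Creative Agents skill). It statically walks a skill directory with the ast module and reports the four behaviours the scan flagged: subprocess execution, environment variables read (and which of them the registry metadata did not declare), references to sensitive user paths, and write-mode file opens that could persist tokens or memory. The two sample modules inside it are constructed stand-ins written to a temporary directory; the sensitive-path list and the set of execution calls are assumptions you should extend for your own host.

```python
"""Pre-install static audit of a skill directory.

Added example, not code from the ClawHub page or the Creative Agents skill. It walks a
skill's Python files and reports subprocess execution, environment variables read (and
which the metadata did not declare), sensitive user paths, and write-mode file opens.
"""
import ast
import tempfile
from pathlib import Path

# Path fragments the scan called out; extend for your own host (assumed list).
SENSITIVE_PATHS = [".zsh_history", ".bash_history", ".openclaw", ".claude", ".nanobot", "Cursor", "MEMORY.md"]
EXEC_CALLS = {("subprocess", "run"), ("subprocess", "Popen"), ("subprocess", "call"),
              ("subprocess", "check_output"), ("os", "system"), ("os", "popen")}

def _target(node):
    """(module, attr) for an expression such as subprocess.run, else None."""
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return (node.value.id, node.attr)
    return None

def _env_key(node):
    """Key read via os.environ["X"], os.environ.get("X") or os.getenv("X")."""
    if isinstance(node, ast.Call) and node.args and isinstance(node.args[0], ast.Constant):
        is_get = (isinstance(node.func, ast.Attribute) and node.func.attr == "get"
                  and _target(node.func.value) == ("os", "environ"))
        if is_get or _target(node.func) == ("os", "getenv"):
            return node.args[0].value
    if isinstance(node, ast.Subscript) and _target(node.value) == ("os", "environ"):
        if isinstance(node.slice, ast.Constant):          # Python 3.9+ slice layout
            return node.slice.value
    return None

def _is_write_open(call):
    """True for open(..., "w"/"a"/"x") or open(..., mode="w")."""
    modes = call.args[1:2] + [k.value for k in call.keywords if k.arg == "mode"]
    return (isinstance(call.func, ast.Name) and call.func.id == "open" and any(
        isinstance(m, ast.Constant) and isinstance(m.value, str) and set(m.value) & set("wax")
        for m in modes))

def audit_file(path):
    """Findings for one Python source file."""
    src = path.read_text(encoding="utf-8", errors="replace")
    out = {"exec_calls": [], "env_vars": set(), "file_writes": [],
           "sensitive_paths": {p for p in SENSITIVE_PATHS if p in src}}
    try:
        tree = ast.parse(src)
    except SyntaxError:            # keep the string-level findings for unparsable files
        return out
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            tgt = _target(node.func)
            if tgt in EXEC_CALLS:
                out["exec_calls"].append((path.name, node.lineno, ".".join(tgt)))
            if _is_write_open(node):
                out["file_writes"].append((path.name, node.lineno))
        key = _env_key(node)
        if key:
            out["env_vars"].add(key)
    return out

def audit_skill(skill_dir, declared_env=()):
    """Aggregate over every .py file and compare env reads with the declared set."""
    total = {"exec_calls": [], "file_writes": [], "env_vars": set(), "sensitive_paths": set()}
    for py in sorted(Path(skill_dir).rglob("*.py")):
        f = audit_file(py)
        total["exec_calls"] += f["exec_calls"]
        total["file_writes"] += f["file_writes"]
        total["env_vars"] |= f["env_vars"]
        total["sensitive_paths"] |= f["sensitive_paths"]
    total["undeclared_env"] = sorted(total["env_vars"] - set(declared_env))
    total["env_vars"] = sorted(total["env_vars"])
    total["sensitive_paths"] = sorted(total["sensitive_paths"])
    return total

# Constructed stand-ins for the behaviours the scan describes, not the skill's real files.
SAMPLE_OAUTH_HANDLER = '''\
import json, os
TOKEN_FILE = os.path.expanduser("~/.nanobot/oauth_tokens.json")
def client():
    return os.environ["TWITTER_CLIENT_ID"], os.getenv("TWITTER_CLIENT_SECRET")
def save(tokens):
    with open(TOKEN_FILE, "w") as fh:        # plaintext fallback when no keyring
        json.dump(tokens, fh)
'''
SAMPLE_RESEARCHER = '''\
import os, subprocess
HISTORY = os.path.expanduser("~/.zsh_history")
def run_humanizer(args):
    entry = os.environ.get("HUMANIZER_SKILL_PATH")
    return subprocess.run([entry, *args], capture_output=True)
'''

def audit_sample():
    """Write the constructed sample skill to a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "oauth_handler.py").write_text(SAMPLE_OAUTH_HANDLER)
        Path(d, "researcher.py").write_text(SAMPLE_RESEARCHER)
        return audit_skill(d, declared_env=())   # the registry metadata declares nothing
```

Run audit_skill against the unpacked skill directory, passing whatever environment variables its metadata does declare; every name left in undeclared_env is a credential or path the skill will read that the registry never told you about. Findings are file and line references, so the reviewer still reads the code; the script only tells them where to look, and because it matches on os.environ and subprocess by name it will miss aliased imports.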
