Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
skill-creator
v2.0.0
Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, update or optimize...
⭐ 0 · 276 · 9 current · 9 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name and description (create/modify/evaluate skills) align with the included scripts: packaging, validation, running trigger evaluations, aggregating benchmarks, and improving descriptions. However, the skill metadata declares no required binaries or environment variables, while the code expects a 'claude' CLI (invoked via subprocess) and the anthropic Python client; both the dependency and the credentials it needs are missing from the metadata. This mismatch is a design/packaging omission and reduces transparency.
Instruction Scope
SKILL.md describes the iterative workflow and evaluation loop, which matches the scripts. The runtime behavior (as implemented) will: write temporary command files into a .claude/commands directory, spawn subprocesses that run the 'claude' CLI, call the Anthropic API via the anthropic client, and read/write project files (packaging, generating viewer HTML, logs). Those actions are within the stated purpose, but SKILL.md does not explicitly warn that it will execute local binaries, create and delete files in the project tree, or call external model APIs, which is an important gap for users.
Install Mechanism
This is instruction-only (no install spec), but many Python scripts require third-party packages (e.g., anthropic, pyyaml) and a local 'claude' CLI binary. Because there is no declared install step or dependency list, a user might run scripts without needed packages or unknowingly install dependencies. Lack of an explicit install mechanism increases the chance of unexpected package installs or runtime failures.
Credentials
Registry metadata declares no required env vars or primary credential, yet the code instantiates anthropic.Anthropic() (which by default reads its API key from the ANTHROPIC_API_KEY environment variable) and spawns a 'claude' subprocess that depends on a CLI/runtime with its own authentication. The scripts also read and modify os.environ (they explicitly remove CLAUDECODE in one place). Asking for no credentials while using a remote model client and a local model CLI is a clear inconsistency and warrants caution.
Persistence & Privilege
always:false and user-invocable:true (normal). The scripts create and remove files under a project-level .claude/commands directory and write packaged .skill zip files and logs. They do not request permanent agent-level privileges, nor do they set always:true. Still, they modify the filesystem (creating command files that could cause the local 'claude' binary to see new commands), so review/consent is recommended before running.
What to consider before installing
This package largely does what it says (it helps author and evaluate skills) but it omits a few important operational details. Before installing or running anything:
1) Review the code yourself (especially scripts that write files or call subprocesses).
2) Expect to need Python dependencies (anthropic, pyyaml, etc.) and a local 'claude' CLI; don't run arbitrary pip installs without checking package sources.
3) Do not supply API keys (Anthropic or others) to this skill unless you trust the code and intend it to call remote models; the code will call external model APIs, which will transmit prompt/eval data.
4) Run in an isolated environment (container/VM) or a project workspace where writing to .claude/commands and creating zip files is safe.
5) If you want to proceed, add explicit metadata: required binaries and env vars (e.g., ANTHROPIC_API_KEY, presence of the 'claude' CLI) and/or modify the scripts to surface prompts before network calls.
These steps will reduce unexpected behavior and data exposure.

Like a lobster shell, security has layers — review code before you run it.
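The mismatch this scan reports (code that spawns a binary, reads credentials from the environment and opens a network client while the metadata declares none of it) is something you can check yourself before installing. The script below is an added example, not code from the skill, from OpenClaw or from ClawHub: it walks a Python script's AST for subprocess invocations, environment-variable reads and removals, remote-model client constructors and `.claude` paths, and diffs the findings against what the metadata declares. The metadata shape (`binaries` and `env` lists), the `REMOTE_CLIENTS` mapping beyond anthropic's documented ANTHROPIC_API_KEY, and the sample script are all constructed assumptions for the example, not the skill's actual files.

```python
"""Static check: what a skill's Python script needs versus what its metadata
declares. Added example; not part of the skill, OpenClaw or ClawHub."""
import ast
from dataclasses import dataclass, field

# Assumed metadata shape. Empty lists model the registry entry described in
# the scan above (no binaries, no env vars declared).
DECLARED = {"binaries": [], "env": []}

# Client packages whose constructor implies outbound model API calls, mapped
# to the env var each reads for its key (assumption for the example).
REMOTE_CLIENTS = {"anthropic": "ANTHROPIC_API_KEY", "openai": "OPENAI_API_KEY"}

# Constructed sample approximating the behaviour the scan describes. It is
# parsed, never executed, so the imported packages need not be installed.
SAMPLE_SCRIPT = '''
import os, subprocess, anthropic, yaml
from pathlib import Path

def run_eval():
    os.environ.pop("CLAUDECODE", None)
    cmds = Path(".claude/commands")
    cmds.mkdir(parents=True, exist_ok=True)
    (cmds / "eval.md").write_text("evaluate")
    subprocess.run(["claude", "-p", "/eval"], check=True)
    return anthropic.Anthropic()

def model_name():
    return os.environ.get("MODEL", os.getenv("FALLBACK_MODEL", "claude"))
'''


@dataclass
class Findings:
    binaries: set = field(default_factory=set)
    env_read: set = field(default_factory=set)
    env_removed: set = field(default_factory=set)
    remote_clients: set = field(default_factory=set)
    paths: set = field(default_factory=set)


def _str(node):
    """Value of a string literal node, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def _is_env(node):
    """True for `os.environ` or a bare `environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ") or (
        isinstance(node, ast.Name) and node.id == "environ")


def _slice_str(node):
    s = node.slice
    if isinstance(s, getattr(ast, "Index", ())):  # Python 3.8 compatibility
        s = s.value
    return _str(s)


def audit_source(src):
    """Collect binaries, env vars, remote clients and .claude paths from source."""
    f = Findings()
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Call):
            func = node.func
            if not isinstance(func, ast.Attribute):
                continue
            owner, arg0 = func.value, (node.args[0] if node.args else None)
            # subprocess.run(["bin", ...]) or subprocess.run("bin args")
            if isinstance(owner, ast.Name) and owner.id == "subprocess":
                first = arg0.elts[0] if isinstance(arg0, (ast.List, ast.Tuple)) and arg0.elts else arg0
                b = _str(first)
                if b and b.split():
                    f.binaries.add(b.split()[0])
            # os.getenv("X"), os.environ.get("X"), os.environ.pop("X")
            name = _str(arg0)
            if func.attr == "getenv" and name:
                f.env_read.add(name)
            elif _is_env(owner) and name:
                if func.attr == "get":
                    f.env_read.add(name)
                elif func.attr == "pop":
                    f.env_removed.add(name)
            # anthropic.Anthropic(), openai.OpenAI(): network plus implicit key read
            if isinstance(owner, ast.Name) and owner.id in REMOTE_CLIENTS:
                f.remote_clients.add(owner.id)
                f.env_read.add(REMOTE_CLIENTS[owner.id])
        elif isinstance(node, ast.Subscript) and isinstance(node.ctx, ast.Load) and _is_env(node.value):
            if _slice_str(node):
                f.env_read.add(_slice_str(node))
        elif isinstance(node, ast.Delete):
            for t in node.targets:
                if isinstance(t, ast.Subscript) and _is_env(t.value) and _slice_str(t):
                    f.env_removed.add(_slice_str(t))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value.startswith(".claude"):
            f.paths.add(node.value)  # command files the local CLI will pick up
    return f


def undeclared(f, declared):
    """What the code needs that the metadata does not admit to."""
    return {"binaries": sorted(f.binaries - set(declared["binaries"])),
            "env": sorted(f.env_read - set(declared["env"]))}


def suggested_metadata(f):
    """Declarations the scan recommends adding (shape assumed)."""
    return {"binaries": sorted(f.binaries), "env": sorted(f.env_read)}


if __name__ == "__main__":
    found = audit_source(SAMPLE_SCRIPT)
    print("undeclared:", undeclared(found, DECLARED))
    print("removes env:", sorted(found.env_removed), "remote clients:", sorted(found.remote_clients))
    print("writes under:", sorted(found.paths))
    print("suggested metadata:", suggested_metadata(found))
```

Point `audit_source` at each script in the downloaded zip and compare the output with the SKILL.md frontmatter; anything in `undeclared` is a reason to pause, and a non-empty `env_removed` or `remote_clients` is exactly the behaviour step 3 above warns about. The matching is deliberately literal (it misses `from subprocess import run`, aliased modules, and edits to a copied `dict(os.environ)`), so treat it as a triage aid that tells you where to read, not as a gate that replaces reading the code.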
latest: vk97fm1rc3qx34ja3g1gk12ca3582n0fg
