Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Command Creator

v0.1.0

WHAT: Create Claude Code slash commands - reusable markdown workflows invoked with /command-name. WHEN: User wants to create, make, or add a slash command. User wants to automate a repetitive workflow or document a consistent process for reuse. KEYWORDS: "create a command", "make a slash command", "add a command", "new command", "/command", "automate this workflow", "make this repeatable"

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose is to create Claude Code slash commands, and the SKILL.md, README, and reference docs all focus on that. However, the instructions reference running tools such as git, make, gt and the TodoWrite/Task tools, and performing repo-level operations (git add / git commit / gt submit), even though the skill's manifest declares no required binaries or environment variables. Not listing the tool dependencies it expects (git, make, gt, etc.) is an incoherence worth noting, though not necessarily a malicious one.
Instruction Scope
The instructions explicitly tell the agent to read project files, create directories, and write files under .claude/commands or ~/.claude/commands (which is consistent with creating commands), but they also include patterns and examples that run potentially destructive or high-impact commands: `git add .`, `git commit -m ...`, `gt restack`/`gt submit --stack --publish --no-edit`, and `make all-ci` with automated iterative fixes. The docs also contain contradictory guidance about using the Bash tool for make commands (both 'ALWAYS use Bash tool' and 'DO NOT use Bash tool for make commands' appear), which is a logical inconsistency. Because the skill encourages running repo-modifying commands and automated CI-fix cycles, users should be cautious about allowing autonomous execution or giving the agent repository write privileges.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written by an installer. That lowers the risk from supply-chain/install-time behavior.
Credentials
The skill declares no required environment variables or credentials. That is appropriate for its stated purpose. Note: many instructions assume availability of external tools (git, make, gt, TodoWrite/Task tools) and access to the user's filesystem, which is consistent with creating command files but should be explicitly documented in requires.* if the skill were to run in environments that enforce declared dependencies.
Persistence & Privilege
The skill does not request 'always: true' or any elevated persistent privileges. It's user-invocable and allows model invocation by default, which is normal. The skill writes files to .claude/commands or ~/.claude/commands as part of its function; that file-writing behavior is expected for this purpose but is a material side effect users should understand before enabling autonomous runs.
What to consider before installing
This skill is mostly coherent with its goal of authoring slash-command markdown files, but it contains a few red flags you should consider before installing it or allowing it to run autonomously:
- It references running system tools (git, make, gt) and performing repo-modifying actions (git add, git commit, submitting PRs). Those are legitimate for some command examples, but they have real side effects; only allow the skill in repos where unintended commits or PRs are acceptable.
- The manifest claims no required binaries, yet the instructions assume git, make, gt and platform-specific tools (TodoWrite/Task). Expect to provide or verify those tools are available, or the skill may fail in surprising ways.
- There are internal contradictions in the instructions (conflicting guidance about using the Bash tool for make commands). That suggests the content was not fully reviewed and could lead the agent to take inconsistent actions.
- Because the skill can write files to your home directory or project directories, review generated command files before using them. If you plan to allow autonomous invocation, keep the agent's execution scope narrow until you have confirmed the generated commands are safe.
Recommendations:
- Test the skill in a disposable or non-critical repository first.
- Disable autonomous invocation, or require user confirmation, for any recipe that runs git add / git commit or submits PRs.
- If you need stricter controls, ask the skill author to declare the required binaries (git, make, gt) and to remove the contradictory instructions.
- Review and audit any generated command files, and any commits or PRs the agent proposes, before merging or publishing.
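The three findings above (undeclared binaries, high-impact repository commands, and ALWAYS/DO NOT directives that contradict each other) are all things a reviewer can check mechanically before installing a skill. The lint below is an added example written for this page; it is not part of the ClawHub scanner or the Command Creator skill. The manifest shape it reads (`requires` with a `bins` list) and the sample SKILL.md text are constructed assumptions modelled on the scan findings, not the real ClawHub schema or the skill's actual files.

```python
"""Added example: lint a skill's instruction text against its manifest.

Assumptions (not from the page): the manifest is a dict whose
manifest["requires"]["bins"] lists declared binaries, and command
invocations in the instructions appear either as inline `code` spans
or as lines starting with '$'. The sample text below is constructed.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on what the scan report describes: git, make
# and gt are invoked, the manifest declares nothing, and two directives
# about the Bash tool contradict each other.
SAMPLE_SKILL_MD = """\
# Command Creator
Write the new command to `.claude/commands/<name>.md` or `~/.claude/commands/<name>.md`.
Recipe for a release command:
$ make all-ci
$ git add .
$ git commit -m "chore: add command"
$ gt restack
$ gt submit --stack --publish --no-edit
Use `git status` to confirm the tree is clean.
ALWAYS use the Bash tool for make commands.
DO NOT use the Bash tool for make commands.
"""
SAMPLE_MANIFEST = {"name": "command-creator", "version": "0.1.0", "requires": {"bins": []}}

INLINE_CODE = re.compile(r"`([^`\n]+)`")
SHELL_LINE = re.compile(r"^\s*\$\s*(.+?)\s*$", re.MULTILINE)
PROGRAM_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_.-]*")   # rejects paths like .claude/commands
DIRECTIVE = re.compile(r"^\s*(ALWAYS|NEVER|DO NOT)\s+(.+?)\.?\s*$", re.MULTILINE)

# Commands whose side effects reach beyond the working file: each pattern is
# matched against a single extracted command string.
HIGH_IMPACT = [
    (re.compile(r"^git\s+add\s+(\.|-A|--all)(\s|$)"), "stages the whole working tree"),
    (re.compile(r"^git\s+commit\b"), "creates a commit"),
    (re.compile(r"^git\s+push\b"), "pushes to a remote"),
    (re.compile(r"^gt\s+restack\b"), "rebases the branch stack"),
    (re.compile(r"^gt\s+submit\b"), "opens or updates pull requests"),
    (re.compile(r"^make\s+\S*ci\b"), "runs a CI target with possible side effects"),
]


@dataclass
class LintReport:
    invoked: set = field(default_factory=set)        # binaries the instructions call
    undeclared: set = field(default_factory=set)     # invoked but absent from the manifest
    high_impact: list = field(default_factory=list)  # (command, reason) pairs
    contradictions: list = field(default_factory=list)

    def is_clean(self) -> bool:
        return not (self.undeclared or self.high_impact or self.contradictions)


def extract_commands(text: str) -> list:
    """Collect command candidates: inline `code` spans and '$'-prefixed lines.
    Prose such as "make a slash command" is deliberately not treated as a command."""
    cmds = [m.group(1).strip() for m in INLINE_CODE.finditer(text)]
    cmds += [m.group(1) for m in SHELL_LINE.finditer(text)]
    return cmds


def find_contradictions(text: str) -> list:
    """Report objects that carry both an ALWAYS and a NEVER/DO NOT directive."""
    seen = {}
    for m in DIRECTIVE.finditer(text):
        positive = m.group(1) == "ALWAYS"
        key = re.sub(r"\s+", " ", m.group(2).lower())
        seen.setdefault(key, set()).add(positive)
    return sorted(k for k, polarities in seen.items() if len(polarities) == 2)


def lint_skill(text: str, manifest: dict) -> LintReport:
    report = LintReport()
    declared = set(manifest.get("requires", {}).get("bins", []))
    for cmd in extract_commands(text):
        parts = cmd.split()
        head = parts[0] if parts else ""
        if PROGRAM_NAME.fullmatch(head):
            report.invoked.add(head)
        for pattern, why in HIGH_IMPACT:
            if pattern.search(cmd):
                report.high_impact.append((cmd, why))
    report.undeclared = report.invoked - declared
    report.contradictions = find_contradictions(text)
    return report


if __name__ == "__main__":
    r = lint_skill(SAMPLE_SKILL_MD, SAMPLE_MANIFEST)
    print("undeclared binaries:", sorted(r.undeclared))
    for cmd, why in r.high_impact:
        print(f"high-impact: {cmd!r} ({why})")
    print("contradictory directives:", r.contradictions)
```

Run against the constructed sample, the lint reports git, gt and make as undeclared, lists five high-impact commands (the `git add .`, `git commit`, `gt restack`, `gt submit` and `make all-ci` lines) and one contradictory directive pair. Declaring the binaries in the manifest clears the first finding but not the other two, which is the point of the recommendations above: a correct manifest makes failures predictable, while the repository-modifying recipes still need a human in the loop.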


latest: vk9755z4dmbsc74n37zzb34h26x80x1p3
