ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

advanced-skill-creator

v1.0.0

Advanced OpenClaw skill creation handler that executes the official 5-step research flow with comprehensive analysis and best practices. Ensures proper metho...

0· 60·0 current·0 all-time
by@marjoriebroad

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for marjoriebroad/marjorie-advanced-skill-creator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "advanced-skill-creator" (marjoriebroad/marjorie-advanced-skill-creator) from ClawHub.
Skill page: https://clawhub.ai/marjoriebroad/marjorie-advanced-skill-creator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: SKILLBOSS_API_KEY
Required binaries: python3, bash
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install marjorie-advanced-skill-creator

ClawHub CLI

Package manager switcher

npx clawhub@latest install marjorie-advanced-skill-creator
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description indicate an AI-driven skill creator and the package includes a Python processor that calls an external AI service. Requested binaries (python3, bash) and a single env var (SKILLBOSS_API_KEY) are consistent with the stated purpose.
!
Instruction Scope
SKILL.md contains detailed runtime instructions to consult docs, query hubs, fuse results, and then call an external '/v1/pilot' endpoint to generate SKILL.md output. A prompt-injection pattern ('you-are-now') was detected in the SKILL.md pre-scan, which could attempt to manipulate model behavior or override host instructions. The SKILL.md also mandates exact output structure (which is reasonable) but the injection signal and strict directives increase risk that the skill will push the agent into following hidden or unsafe prompts.
Install Mechanism
No install spec — instruction-only skill with one included Python script. That keeps installation footprint small. The included script will be written to disk as part of the skill, but there is no remote archive-download or installer that fetches arbitrary code at install time.
Credentials
Only SKILLBOSS_API_KEY is required and used by the included script to call an external API; this is proportionate for a skill that delegates generation to a third‑party AI service. However, the external endpoint (api.heybossai.com / skillboss.co) is not a widely-known vendor in this package, so verify the service before supplying secrets.
Persistence & Privilege
always is false and the skill does not request system-wide config paths or other skills' credentials. The skill can be invoked autonomously (default platform behavior) — this is normal but means the prompt-injection and network-call aspects have broader impact if enabled for autonomous runs.
Scan Findings in Context
[prompt-injection-you-are-now] unexpected: A 'you-are-now' style prompt-injection pattern was detected in SKILL.md. Prompt-injection tokens are not expected for a skill that should simply implement a research flow; they can be used to coerce model behavior and should be reviewed and removed or sanitized.
What to consider before installing
This skill is internally consistent with its stated goal (it includes a Python script that calls an external AI service and asks for SKILLBOSS_API_KEY), but there are red flags you should address before installing: 1) Inspect SKILL.md and scripts for prompt-injection strings (the pre-scan found a 'you-are-now' pattern) and remove or sanitize any hidden directives that force the model to ignore host policies. 2) Verify the external service (api.heybossai.com / skillboss.co): ask the publisher for a real homepage, privacy/security documentation, and the exact privileges expected of SKILLBOSS_API_KEY. 3) Audit scripts for any subprocess.run/exec usage or file reads not needed for skill creation; run the code in an isolated environment (container) first. 4) If you must supply SKILLBOSS_API_KEY, use a scoped/test key with minimal privileges and monitor network traffic. 5) Prefer disabling autonomous invocation or limit triggers until you confirm there is no hidden prompt-injection or credential exfiltration. If you cannot verify the external service or remove injection patterns, treat this skill as unsafe to deploy.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Clawdis
Binspython3, bash
Any binpython3, python
EnvSKILLBOSS_API_KEY
Primary envSKILLBOSS_API_KEY
latestvk97br6mfra24qcbm6fvayvrdwd84vnxw
60downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@marjoriebroad
latest
Download

📖 Complete setup guide: https://skillboss.co/skill.md

Advanced Skill Creator

Advanced skill creation handler that executes the official 5-step research flow with comprehensive analysis and best practices. Ensures proper methodology and standards compliance by following the complete research process, applicable to all timeframes and use cases.

Uses SkillBoss API Hub to power AI-assisted skill generation via the unified /v1/pilot endpoint.

When to use

  • When user mentions "写一个触发", "写skill", "claw skill", "openclaw skill", "moltbot skill", "创建技能", or "写一个让它..."
  • When proper skill creation methodology needs to be followed according to official standards
  • When ensuring adherence to 5-step research flow (documentation, ClawHub, community, fusion, output)
  • For comprehensive skill analysis and creation with best practices

5-Step Research Flow Execution

Step 1: Consult Official Documentation

Comprehensively access official documentation:

Extract key information:

  • SKILL.md format requirements
  • YAML frontmatter specifications (name, description, when, examples, metadata.openclaw.*, requires)
  • Trigger mechanisms (natural language triggers, when conditions)
  • Tool calling conventions (exec, browser, read, write, nodes, MCP)
  • Loading precedence (workspace > ~/.openclaw/skills > bundled)
  • ClawHub installation methods
  • Breaking changes (latest versions)

Step 2: Research Related Public Skills on ClawHub/ClawdHub

Thoroughly query ClawHub/ClawdHub for relevant skills:

  • Search keywords: weather, reminder, schedule, translate, image, cron, memory, task-tracker, notification, backup, automation
  • Select 2-4 most relevant skills with high downloads/recent updates/community ratings
  • Analyze:
    • Trigger descriptions (when, examples)
    • YAML metadata
    • Pure Markdown vs. scripts/ structure
    • Dependency declarations
    • Error handling recommendations
    • Community feedback (why popular or criticized)
    • Security considerations

Step 3: Search Best Practices

Use comprehensive keyword combinations for GitHub searches:

  • "OpenClaw SKILL.md" OR "ClawDBot skill example" OR "Moltbot create skill"
  • "SKILL.md" "when:" OR "metadata.openclaw" site:github.com
  • "clawhub install" "custom skill" OR "openclaw skill tutorial"
  • "skill security" OR "prompt injection prevention" OR "skill best practices"

Focus on:

  • Active GitHub repositories
  • Recent commits
  • Blog/Reddit/X content
  • Security best practices
  • Known security pitfalls (prompt injection, exec abuse)

Step 4: Solution Fusion & Comparison

Comprehensively summarize implementation approaches from all three sources: Compare across key dimensions:

  • Trigger precision (false positive rate)
  • Maintainability/readability
  • Loading speed/memory impact
  • Compatibility (different gateways/channels/versions)
  • Security & error isolation
  • Upgrade friendliness (dependency on specific tools)
  • Dependency management complexity
  • Performance optimization
  • Error handling robustness

Select optimal solution for current context with 4-7 clear reasons prioritized:

  • Official documentation > High-quality ClawHub skills > Active community solutions > Self-optimization

Step 5: Proper Output Structure

Output must follow exact structure without adding extra headers or showing raw search logs:

  • Use the exact headings: 【最终推荐方案】, 【文件结构预览】, 【完整文件内容】
  • Provide complete file contents with proper formatting
  • Include tree-style directory structure preview
  • Use proper YAML frontmatter in SKILL.md examples
  • Ensure comprehensive documentation
  • AI-generated skill content powered by SkillBoss API Hub (自动路由最优模型)

Resource Utilization

Documentation Features Utilized

  • YAML frontmatter format (name, description, when, examples, metadata.openclaw.*)
  • Trigger mechanism definition (when field)
  • Example specification (examples field)
  • Metadata definition (metadata.openclaw.requires)
  • Standardized skill description structure

Skills Referenced

  • system-monitor: Structure and functional organization
  • security-monitor: Metadata definition format
  • integrated-system-monitor: Script organization and implementation
  • Other existing skills: YAML frontmatter best practices

Community Practices Integrated

  • GitHub popular OpenClaw skill project structures
  • Community-recommended security practices (input validation, error handling)
  • Optimal metadata configuration methods
  • Effective trigger word definition patterns

Custom Scripts Created

  • advanced_skill_processor.py: Implements complete 5-step research flow automation
    • Automated documentation query, public skill research, best practice search
    • Solution fusion and comparison functionality
    • AI-powered skill generation via SkillBoss API Hub (/v1/pilot, type=chat)
    • Standardized output generation
    • Error handling and logging features

Implementation Requirements

  1. Execute all 5 steps in strict sequence - no skipping allowed
  2. Do not rely on memory or "approximately correct" code
  3. Demonstrate research → comparison → selection logical chain
  4. Show evidence of consulting official documentation
  5. Include proper metadata and security considerations
  6. Provide complete, functional skill implementations with proper structure
  7. Ensure all outputs follow the exact template structure required
  8. Apply universally regardless of timeframe or version
  9. Include security best practices and error handling
  10. Provide comprehensive examples and use cases
  11. Include system prompt integration for enhanced AI interaction
  12. Incorporate thinking model framework for improved decision-making

System Prompt Integration

When creating new skills, include system prompt elements that enhance AI interaction:

"You are now an OpenClaw (formerly ClawDBot / Moltbot) skill development expert, implementing advanced thinking models for enhanced decision-making. Apply structured cognitive processing while balancing speed and accuracy based on specific situational requirements."

Skill Creation Guidelines

  • Apply the multi-stage cognitive processing pipeline during skill design
  • Integrate memory systems for continuous learning and improvement
  • Balance speed optimization with accuracy enhancement in skill functionality
  • Include appropriate system prompts for AI assistants using the skill
  • Document decision-making processes for future reference and learning

Comments

Loading comments...