ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Flutter Release Pipeline

v1.0.0

Build and package Flutter Android release artifacts (APK/AAB), collect outputs into a single folder, and produce a short release checklist. Use when the user...

0· 56·0 current·0 all-time
by@neo1307

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for neo1307/neo1307-flutter-release-pipeline.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Flutter Release Pipeline" (neo1307/neo1307-flutter-release-pipeline) from ClawHub.
Skill page: https://clawhub.ai/neo1307/neo1307-flutter-release-pipeline
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install neo1307-flutter-release-pipeline

ClawHub CLI

Package manager switcher

npx clawhub@latest install neo1307-flutter-release-pipeline
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (build & package Flutter Android artifacts) align with the runtime instructions (flutter build, collect artifacts). However the declared requirements list no required binaries or env vars, while the instructions clearly assume the presence of 'flutter' and PowerShell (and a project with a pubspec.yaml). The omission of required tooling in metadata is an inconsistency.
Instruction Scope
SKILL.md stays within the stated purpose: preflight checks, run flutter build (APK/AAB), gather artifacts, compute SHA256 and produce a checklist. It also instructs running a local PowerShell script scripts/flutter_release.ps1 — the skill does not include that script, so the agent (or user) would run whatever is present at that path. Executing an external/local script is normal for build tooling but introduces risk if the script is untrusted or modifies system state beyond the repo.
Install Mechanism
Instruction-only skill with no install spec — lowest-risk install mechanism. Nothing will be downloaded or written by a provided installer.
Credentials
No environment variables or credentials are declared. Real Flutter Android releases commonly require signing keys (keystore, key passwords) and sometimes Play Console credentials; those are absent from the metadata and instructions only indirectly mention 'signing' in the checklist. The skill does not ask for or document how signing credentials are provided, which is a functional gap and a potential omission to be aware of.
Persistence & Privilege
always:false and no install actions — the skill does not request permanent presence or elevated agent privileges. It does instruct running local build scripts, but it does not modify other skills or system-wide agent configuration.
What to consider before installing
This skill appears to implement a reasonable Flutter release pipeline, but take these precautions before running it: 1) Verify your environment: ensure 'flutter' and PowerShell are installed and at the expected versions (the skill's metadata doesn’t declare these tools). 2) Inspect scripts/flutter_release.ps1 before executing — the SKILL.md references that script but the skill bundle does not include it; running an unreviewed script can execute arbitrary code. 3) Prepare signing credentials (keystore, passwords) and Play Console credentials separately — the skill does not declare how these are provided. 4) Run the pipeline in an isolated environment (CI runner or container) if you’re unsure about the script/source. 5) Ask the publisher to update metadata to list required binaries and any environment variables/credentials the pipeline needs, or to provide the referenced PowerShell script so you can review it.

Like a lobster shell, security has layers — review code before you run it.

latestvk9731xafmp1vc57d5kwyttm619851srr
56downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@neo1307
latest
Download

Flutter Android Release Pipeline

Workflow

  1. Preflight
  • Confirm flutter --version works.
  • Confirm project path contains pubspec.yaml.
  1. Build (choose one)
  • AAB: flutter build appbundle --release
  • APK: flutter build apk --release (optionally --split-per-abi)
  1. Collect artifacts Create out/flutter_release_<timestamp>/ and copy:
  • build/app/outputs/flutter-apk/*.apk (if APK build)
  • build/app/outputs/bundle/release/*.aab (if AAB build)
  • build/app/outputs/mapping/release/mapping.txt (if present)
  • pubspec.yaml (snapshot)
  1. Report
  • Print paths + sizes + SHA256 for each artifact.
  • Print a short checklist (versionCode/versionName sanity, signing, Play Console notes).

Script

Run (PowerShell):

  • powershell -ExecutionPolicy Bypass -File scripts/flutter_release.ps1 -Project "<path>" -Mode aab|apk -SplitPerAbi:$false

Notes

  • Avoid changing app code unless explicitly requested.
  • If build fails, return the exact error + suggested fix.

Comments

Loading comments...