ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ue Build Package

v1.0.0

Compile and package Unreal Engine projects. Use when: (1) Building UE project from command line, (2) Packaging for distribution (Android/iOS/Windows), (3) Ru...

0· 395·0 current·0 all-time
byVincent@vincentwilliam
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (UE build & package) align with the content: RunUBT/RunUAT commands, cook/package steps, and build checks. The commands and paths shown are exactly what a UE build helper would provide.
Instruction Scope
SKILL.md is instruction-only and stays within build/packaging tasks, but it contains hard-coded, absolute Windows paths (E:\SilverVer1.0.0\Project) and project-specific targets. It also suggests destructive operations (delete DerivedDataCache) and process-killing steps, and references GUI automation (SetForegroundWindow + SendKeys) which are unusual and brittle — verify these steps match your environment before running.
Install Mechanism
No install spec and no code files — nothing is downloaded or written to disk by the skill itself. Lowest-risk install footprint.
Credentials
Skill declares no environment variables or credentials and the instructions do not reference external secrets. The file and process operations are reasonable for local build tasks, but grant filesystem/process control consistent with building a project.
Persistence & Privilege
Skill is not always-enabled and does not request persistent privileges or modify other skills. It is user-invocable and can run autonomously per platform defaults (not a problem here by itself).
Assessment
This is an instruction-only helper for a specific Unreal project on Windows — there is no packaged code to install. Before using it: (1) update the hard-coded paths/targets so they point to your engine and project locations; (2) review and back up anything you might delete (DerivedDataCache) and avoid mass-deletes until you know the effect; (3) be cautious with commands that kill processes or automate the GUI (SendKeys) — they can disrupt your environment; (4) run the suggested commands manually first in a safe environment or CI runner to confirm behavior; (5) because the skill can execute destructive local operations, prefer manual invocation rather than allowing autonomous runs until you’ve validated it.

Like a lobster shell, security has layers — review code before you run it.

latestvk978fhkhqans9f9jbqeehpf905825s1j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments