AI Labs Builder

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: ai-labs-builder
Version: 1.0.0

The skill is suspicious due to critical shell injection vulnerabilities present in multiple core scripts, specifically `scripts/create-ai-app.sh`, `scripts/create-dashboard.sh`, `scripts/create-website.sh`, and `scripts/create-workflow.sh`. In these scripts, the `$PROJECT_NAME` variable, which is derived from user input, is used directly in `mkdir -p "$PROJECT_NAME"` and `cd "$PROJECT_NAME"` commands without proper sanitization. This allows for potential directory traversal or arbitrary command execution on the host system. Additionally, the `assets/js/dashboard-widgets.js` file, intended for generated dashboards, contains client-side XSS vulnerabilities if widget titles or todo items are sourced from untrusted input.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern: Medium Confidence
ASI03: Identity and Privilege Abuse
What this means

A real embedded key could be copied into generated projects, committed to repositories, billed against someone else’s account, or abused by other users.

Why it was flagged

The provided static scan reports a hardcoded API key/token literal in the workflow generator script. This is credential material that does not need to be embedded in a reusable project-builder skill.

Skill content
const apiKey = [REDACTED]
Recommendation

Remove the hardcoded key, rotate it if it is real, use environment variables or a secrets manager instead, and declare any required provider credentials clearly.

What this means

The exact code installed can change over time, so project creation depends on the npm ecosystem and current package contents.

Why it was flagged

The skill downloads and runs current npm/npx package versions while creating projects. This is expected for a Next.js project generator, but versions are not pinned.

Skill content
npx create-next-app@latest ... --yes; npm install framer-motion lucide-react clsx tailwind-merge; npx shadcn@latest init -y -d
Recommendation

Run the builder in a clean project directory, review generated package files, and consider pinning package versions or using lockfiles for reproducible installs.

What this means

If connected to an untrusted MCP client or given unsafe workflows, another agent could trigger workflow execution or scheduling.

Why it was flagged

The generated workflow project creates an MCP server exposing tools to execute and schedule workflows over stdio. This is aligned with the advertised MCP workflow feature, but it creates an agent/tool boundary that users must configure carefully.

Skill content
name: 'execute_workflow' ... name: 'schedule_workflow' ... const transport = new StdioServerTransport()
Recommendation

Only connect the generated MCP server to trusted clients, review workflow definitions before enabling them, and avoid scheduling unreviewed actions.