Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Canvas Design

v0.1.0

Create beautiful visual art in .png and .pdf documents using design philosophy. You should use this skill when the user asks to create a poster, piece of art, design, or other static piece. Create original visual designs, never copying existing artists' work to avoid copyright violations.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description match the SKILL.md: both require creating a visual design philosophy and producing visual artifacts (.md manifesto, .png/.pdf outputs). There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
The SKILL.md is prescriptive about structure (4–6 paragraph philosophy, specific visual expression guidance) and explicitly requires repeating claims of 'master-level execution' and related phrasing. This is heavy-handed editorial guidance but stays within the skill's stated creative remit. It does not instruct the agent to read system files, environment variables, or send data to external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk writes and reduces supply-chain risk.
Credentials
The skill declares and requires no environment variables, credentials, or config paths. Requested capabilities are proportional to the described task.
Persistence & Privilege
always is false and autonomous model invocation is allowed (the platform default). The skill does not request persistent/system-level privileges or to modify other skills' config.
Assessment
This skill is coherent and low-risk from a system-access perspective because it is instruction-only and asks for no credentials or installs. Things to consider before installing: (1) provenance — the source/homepage are unknown, so you can't verify the author or license beyond the SKILL.md (it references a LICENSE.txt that isn't present); (2) creative constraints — the skill forces repeated framing language (e.g., "meticulously crafted") which may bias outputs; (3) content/copyright — while the instruction says to avoid copying existing artists, ensure prompts you provide don't ask for specific copyrighted styles you don't own; and (4) outputs may include binary files (.png/.pdf) produced by the agent — review those outputs before sharing. If you want stronger assurance, request the missing LICENSE file or a homepage/author identity and test the skill with non-sensitive prompts first.

Like a lobster shell, security has layers — review code before you run it.

latestvk970mhbpc7w16325rechmtbdrh80qnfz
