Chatbot Builder
Review
Audited by ClawScan on May 1, 2026.
Overview
No malicious behavior is shown, but this is a very minimal instruction-only skill that references a missing chatbot script and would involve user documents, chat history, and provider keys if implemented.
This skill appears coherent and not malicious from the provided artifacts, but it is incomplete. Do not run any ./chatbot.sh file unless you trust and inspect it, use dedicated/scoped API and channel credentials, keep sensitive documents out of training data unless necessary, and confirm how conversation memory and analytics are stored and deleted.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could end up running an unreviewed local script if they create or obtain chatbot.sh from somewhere else.
The documented workflow relies on a local shell helper, but the provided manifest contains only SKILL.md and _meta.json. This is a provenance gap users should notice before running any local script.
./chatbot.sh create support-bot
./chatbot.sh train support-bot --data ./docs
./chatbot.sh deploy support-bot --channel slack
Only run a chatbot.sh file that you can inspect and trust; prefer a package with included source, pinned dependencies, and clear installation instructions.
Private documents or user conversations could become part of chatbot context or logs if the implementation follows these instructions.
The skill describes ingesting user documents and keeping conversation context/analytics. That is expected for a chatbot builder, but it can involve sensitive content and the artifacts do not define retention or exclusion rules.
- **Train on your data** - PDFs, websites, documents
- **Conversational memory** - Context-aware responses
- **Analytics** - Track conversations
Before use, decide which files and conversations may be indexed, exclude secrets and personal data, and confirm where memory and analytics data are stored and how they can be deleted.
Supplying an API key can grant model access and incur costs if the implementation uses it broadly.
A provider credential is expected for hosted LLM integration, but the registry metadata declares no required environment variables or primary credential.
- OpenAI API key (or use local models)
Use a scoped or dedicated API key with billing limits, avoid pasting secrets into chat, and verify how the implementation stores and uses the key.
A deployed chatbot may interact with website visitors or workspace members and could expose incorrect or unintended responses.
The skill includes deployment commands for public or team-facing channels. This is aligned with the stated purpose, but deployment should be an explicit user-controlled action.
./chatbot.sh deploy support-bot --channel web
./chatbot.sh deploy support-bot --channel slack
Review training data, test the bot, and require explicit approval before deploying to any public or workspace channel.
