ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Python Script Generator

v1.0.0

生成专业的 Python 脚本和应用模板,支持 CLI 工具、Flask API、FastAPI、Django Command、Scraper 等,一键生成完整项目代码。

1· 2.2k·16 current·16 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, SKILL.md, and included files all align with a template-generator purpose. There are no unrelated environment variables, binaries, or downloads requested. However, the included shell helper (python-script-generator.sh) is syntactically broken and will likely fail if executed; some usage examples in SKILL.md also contain typos. These are quality issues rather than indicators of malicious intent.
Instruction Scope
SKILL.md content stays within the scope of generating templates and shows sample project files and pip dependency examples. It does not instruct the agent to read system files, external credentials, or send data to third-party endpoints. Minor contradiction: SKILL.md lists pip install commands for optional dependencies but also has an '安装' section that says '无需额外依赖' — ambiguous guidance but not a security red flag.
Install Mechanism
There is no install spec and no network downloads or archive extraction. Only an included shell script and documentation are present, so nothing is written to disk by an automatic installer. Lowest-risk install posture.
Credentials
The skill requires no environment variables, credentials, or config paths. The sample pip installs are appropriate for the templates described and do not imply additional secret access.
Persistence & Privilege
always is false and the skill doesn't request any persistent or elevated presence. It does not modify other skills or system-wide settings according to the provided files.
Assessment
This skill is coherent with its stated purpose (generating Python templates) and does not request secrets or perform downloads, but exercise caution: the shipped helper script is syntactically broken and will likely fail or behave unpredictably if run. Before installing or executing any included script: (1) review and fix the shell script or run it in an isolated environment (container/VM), (2) prefer generating templates from the SKILL.md content rather than executing unknown scripts, (3) only pip-install dependencies you trust and use a virtualenv, and (4) note the skill source/homepage is unknown — if you need reliability or support, ask the author for a corrected script or choose a generator from a known source.

Like a lobster shell, security has layers — review code before you run it.

clivk977easygrn3jj0yp6543t7b5d8240xxgeneratorvk977easygrn3jj0yp6543t7b5d8240xxlatestvk977easygrn3jj0yp6543t7b5d8240xxpythonvk977easygrn3jj0yp6543t7b5d8240xxscriptvk977easygrn3jj0yp6543t7b5d8240xx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐍 Clawdis

Comments