ClawHub
Back to skill
v2.0.2

Auto Create AI Team

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:02 AM.

Analysis

The skill appears to be a local project-file generator with no evidenced network or credential behavior, but users should review the generated AI-team workflow text before treating it as operational instructions.

GuidanceThis looks safe to install for its stated local file-generation purpose. Before using it, confirm you trust the source, run it only on the intended project folder, and review the generated ai-team markdown files so they do not accidentally authorize automation, data sharing, or model usage you did not intend.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
`python create_ai_team.py --project-path /path/to/project [options]` ... `--project-path` | Path to the project directory (required)

The skill is intended to mutate the local filesystem by creating files under a user-selected project path. This is purpose-aligned, but the selected path controls where files are written.

User impactRunning it against the wrong directory could add or overwrite ai-team documentation in an unintended project.
RecommendationRun it only on the intended project directory and review generated files before using them as project or agent instructions.
Human-Agent Trust Exploitation
SeverityLowConfidenceHighStatusNote
create_ai_team.py
`'next_step_1': 'AI team starts running automatically'` ... `'automation_scripts': 'Automation Scripts'` ... `'runtime_logs': 'Runtime Logs'`

Generated status text may imply that automation and runtime logging are actually deployed, while the surrounding artifacts describe a local file-generation tool.

User impactUsers may overestimate what the skill has actually configured or assume background automation exists when the artifacts mainly show generated documentation.
RecommendationTreat automation-related wording as template content unless you separately configure real automation, and update generated docs to avoid misleading operational claims.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
templates/workflow_template.md
`**{{DATA_SHARING}}**: User and product data bidirectional flow` ... `**{{SCHEDULED_TASKS}}**: Regular data updates and analysis` ... `**{{EVENT_TRIGGERED}}**: Specific events trigger team actions`

The skill generates persistent workflow documents that could later be read as agent context. The content includes broad automation and data-sharing concepts.

User impactA future agent or team member might treat the generated workflow text as permission to share data or perform scheduled/event-triggered actions.
RecommendationReview and edit the generated WORKFLOW.md and related files so they clearly state what actions are allowed, what data may be used, and when human approval is required.