Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Creator

v0.1.0

Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (skill creation guidance) match the included files: SKILL.md, reference docs, and helper scripts for initializing, validating, and packaging skills. The provided scripts and references are appropriate for a skill-authoring toolkit.
Instruction Scope
SKILL.md is a guidance document for building skills and does not instruct the agent to read unrelated system files or exfiltrate data. The bundled scripts perform local filesystem operations (create directories, write files, zip a folder, validate frontmatter) which are coherent with a skill-creator purpose. Note: these scripts are executable templates and will create/modify files when run.
Install Mechanism
No install spec is present (instruction-only with bundled scripts). Nothing is downloaded from external URLs and no archive extraction from remote servers is performed, which is low-risk.
Credentials
The skill requests no environment variables, credentials, or config paths. The absence of secrets is proportional to its stated purpose.
Persistence & Privilege
No 'always: true' or elevated persistence is requested. The skill is user-invocable and allows model invocation (platform default), which is expected for a skill. The bundled scripts operate on the local filesystem but do not modify other skills or system-wide agent settings.
Assessment
This package is a skill-authoring template and appears coherent and non-malicious. Before running any bundled scripts, review them (init_skill.py, package_skill.py, quick_validate.py) to confirm the target paths and behaviour, and run them in a sandboxed or development environment if you're unsure. The scripts will create directories, write template files, and produce a .skill zip; they do not request network access or credentials. Also note the validator enforces strict frontmatter keys—if you plan to add extra metadata fields, update or review quick_validate.py accordingly.

Like a lobster shell, security has layers — review code before you run it.
