Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

FLWR Branding Studio Kit

v1.0.0

An advanced AI agent that acts as a Senior Brand Strategist. It automates project setup, applies elite market methodologies (Archetypes, StoryBrand, Personas), and generates structured brand assets while preventing hallucinations via strict context shielding.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for vansearch/flwr-branding-studio-kit.

Prompt Preview: Install & Setup
Install the skill "FLWR Branding Studio Kit" (vansearch/flwr-branding-studio-kit) from ClawHub.
Skill page: https://clawhub.ai/vansearch/flwr-branding-studio-kit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install vansearch/flwr-branding-studio-kit

ClawHub CLI

npx clawhub@latest install flwr-branding-studio-kit

Security Scan

VirusTotal: Pending

OpenClaw: Suspicious (medium confidence)

Purpose & Capability

The repository and SKILL.md describe a branding agent that scaffolds projects, enforces frameworks (RACE) and provides templates — which matches the included docs and templates. However there are mismatches: SKILL.md/installation says 'Ensure you have Python 3 installed' while README/package.json and the CLI are Node.js-based. Development docs reference scripts (e.g., scripts/setup_branding_project.py) and automation flows that are not present in the file list. These inconsistencies suggest sloppy packaging or incomplete artifacts, not that the required capabilities are malicious, but they are disproportionate to a polished release.

Instruction Scope

Runtime instructions are reasonable for the stated purpose: they create a clients/ directory, ask you to drop briefings into client_intel, and the agent analyzes those documents. That behavior is expected for a branding tool. Caveats: the SKILL.md/README assert the agent will 'analyze' and 'run' automated workflows but there is no bundled code for AI integration (no connector to Claude/other LLMs) — the agent is expected to do that. Also the repo includes extensive extracted prompts and OCR text (potentially sensitive/copyrighted content) which will be copied into projects if templates are used.

Install Mechanism

There is no install spec in the skill registry (instruction-only). The package contains a small CLI (bin/cli.js) and a package.json so it can be used via npm/npx. No external downloads or archive extraction are present. Overall install risk is low, but the README suggests publishing to npm and automations that would require adding secrets (docs/SETUP_AUTOMATION.md), so users should avoid blindly following those steps without review.

Credentials

The skill declares no required environment variables or credentials, which is appropriate. However docs reference an automation token (CLAWDHUB_TOKEN) for publishing and suggest adding GitHub secrets, and README mentions npm publish — these are maintainer-side steps, not runtime requirements. This mismatch (no required env but docs instruct setting secrets for automation) should be treated as a packaging/documentation inconsistency that could confuse less-technical users.

Persistence & Privilege

The skill does not request persistent or elevated privileges (always:false). The CLI creates folders and copies templates into the current working directory; it does not modify other skills or global agent configuration. That scope is proportional to a scaffolding tool.

What to consider before installing

Before installing or running this skill, consider the following:

  • Source verification: The skill's registry entry has no homepage and an unknown source. Treat it as untrusted until you can verify the upstream repository or author.
  • Review mismatches: SKILL.md asks for Python but the repo is Node-based (package.json, bin/cli.js). README mentions scripts that are absent. These indicate the package may be incomplete or incorrectly documented — inspect files before running.
  • Inspect code before execution: The CLI is small and appears to only create directories and copy templates, but review bin/cli.js (and any other scripts) to ensure no network calls or unexpected exec/IO happen. Note: the CLI imports child_process.execSync though it isn't used — confirm no hidden exec usage.
  • Run in a safe directory: Execute the CLI in an empty or disposable folder (not your home or a workspace with secrets) to avoid accidental copying or overwriting.
  • Protect client data: The skill asks you to drop client briefings, transcripts, and PDFs into client_intel. Only upload data you are permitted to share; do not place PII or confidential documents until you confirm where (and how) the agent sends/uses that data.
  • Check templates/content: The repository contains extracted prompts and OCRed text that may include copyrighted or sensitive content. Decide if you want those artifacts copied into client projects.
  • Avoid publishing secrets: The docs describe adding CLAWDHUB_TOKEN to GitHub secrets to automate publishing. Do not add secrets or publish the repo unless you fully control the account and understand the automation steps.

If you want a safer path: ask the maintainer for an authoritative source (official repo URL), request a minimal reproducible release (only the templates and CLI with clear README), or run the tool in an isolated environment / sandbox and review its actions before using with real client data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aqn5rt6bj3c3xdrff0mpjds80rft9
1.2k downloads
0 stars
3 versions
Updated 1mo ago
v1.0.0
MIT-0

Senior Brand Strategist Skill

This skill transforms your AI into a Senior Brand Strategist capable of orchestrating complex branding projects from chaos to structured strategy.

✨ Features

  • 🏆 Elite Methodologies: Built-in knowledge of Archetypes (Mark/Pearson), StoryBrand (Miller), and Goal-Directed Personas (Cooper).
  • 🛡️ Hallucination Shield: "Context Saver" and "Reality Check" protocols ensure the strategy is grounded in client data.
  • ⚖️ Strategy Auditor: The agent acts as a consultant, flagging if a client's request (e.g., "Neon Red") contradicts their goal (e.g., "Calmness").
  • ⚡ Automated Workflow: One command (/branding-start) sets up the entire folder structure and prepares templates.
  • 🎨 Asset Output: Generates assets in a specific Markdown format ready for import into documentation tools.
  • 🧠 Interrogation Mode: If the briefing is weak, the agent refuses to generate strategy and interviews the user instead.

🚀 How to Use

  1. Start a Project: Typing any of these commands triggers the automated setup:

    • Start branding project
    • /branding-start
    • Novo projeto de marca
  2. Provide Context: The system will create a client_intel folder. Upload your PDFs, briefings, or transcripts there.

  3. Generate Strategy: The agent will analyze the documents using the RACE framework and fill the templates in strategy_output.

📂 Directory Structure

clients/
└── [Client_Name]/
    ├── client_intel/       <-- Drop your files here
    ├── creative_assets/    <-- Place logos/images here
    └── strategy_output/    <-- The AI renders final MD files here

🛠️ Installation

  1. Clone this repository into your .agent/skills/ directory.
  2. Ensure you have Python 3 installed.
  3. Restart your agent to load the new rules.
