ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

advanced-skill-creator

v1.0.0

Advanced OpenClaw skill creation handler that executes the official 5-step research flow with comprehensive analysis and best practices. Ensures proper methodology when users request to create or modify OpenClaw/Moltbot/ClawDBot skills following official standards.

2· 2.8k·16 current·16 all-time
by@xqicxx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose — a helper for creating/modifying OpenClaw/Moltbot/ClawDBot skills — reasonably explains needing documentation lookups, community research, and a script to assist. However the registry metadata provided to the catalog says 'no required binaries' while the SKILL.md YAML claims it requires python3 and bash (anyBins: ["python3","python"]). That inconsistency increases risk because the SKILL.md implies executable code will be run but the registry entry does not advertise that.
!
Instruction Scope
SKILL.md prescribes broad external research (docs, ClawHub, GitHub, web content) and enforces a strict output template. The file also contains a detected prompt-injection pattern (e.g. 'you-are-now'), which indicates the skill may include text intended to coerce the agent's behavior. The instructions demand producing full file contents and complete skill implementations — if executed automatically, that could cause the agent to fetch and re-publish external content without supervision. The instruction set is broader than a simple formatter and gives the agent substantial discretion to fetch, synthesize and output external data.
Install Mechanism
There is no install specification (no network download/install steps), which lowers supply-chain risk. However the package includes a non-trivial script (scripts/advanced_skill_processor.py) that looks intended to be executed. Because there is no controlled install step, executing that included code would run arbitrary local Python code from the package — review of that file is required before running.
Credentials
No environment variables, credentials, or config paths are required by the registry metadata. The SKILL.md metadata only lists required binaries (python3, bash) and sets primaryEnv to null. There are no explicit requests for unrelated secrets in the manifest. Still, included script execution could access local environment or network at runtime — confirm script behavior before granting execution.
Persistence & Privilege
The skill does not set always:true and does not declare special privileges. Model invocation is not disabled by the manifest, so the skill could be callable by the agent per normal rules. This is typical, but combined with a supplied executable script and the prompt-injection patterns, it increases the need for manual review and possibly disabling autonomous invocation until validated.
Scan Findings in Context
[prompt-injection-you-are-now] unexpected: SKILL.md contains an explicit prompt-injection-like phrase (scanner matched 'you-are-now'). That pattern is not expected for a benign instruction document and suggests the document contains phrasing intended to alter agent behavior beyond normal instructions. This should be removed or inspected and justified by the author.
What to consider before installing
Do not run or grant this skill elevated or automated execution rights without manual review. Steps to take before installing: - Open and read scripts/advanced_skill_processor.py line-by-line. Look for network requests, subprocess.exec/ Popen usage, file reads (e.g., ~/.ssh, /etc), or any code that posts data to external hosts. - Verify why the SKILL.md lists python3/bash as required while the registry metadata shows none — ask the publisher to explain the mismatch and provide a homepage or source repo. - Remove or sanitize any prompt-injection-like language in SKILL.md (e.g., 'you-are-now' style directives) and require the author to justify any coercive instructions. - If you must test, run the script in an isolated sandbox or VM without secrets and monitor outbound network traffic. - Prefer a policy that prevents autonomous model invocation for this skill until the behavior of the included script is positively audited; consider setting disableModelInvocation:true for safer deployment. - Ask the publisher for a verifiable homepage or source repository and for evidence that the script does not exfiltrate data. If they cannot provide this, treat the package as untrusted code.

Like a lobster shell, security has layers — review code before you run it.

latestvk9751hdnnpernamp6tvpwj0zes808mmz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binspython3, bash
Any binpython3, python

Comments