creator
PassAudited by ClawScan on May 1, 2026.
Overview
No suspicious behavior is evident; the skill provides guidance and local helper scripts for creating, validating, and packaging skills.
This appears safe to install for skill-authoring help. If you use the bundled scripts, run them only in intended directories and inspect generated or packaged skills before installing or sharing them.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the initializer will create persistent files and directories wherever the chosen path points.
The initializer writes a new skill directory and files, and marks a generated example script executable under a user-supplied path. This is coherent with skill creation, but it is still local filesystem mutation.
skill_dir = Path(path).resolve() / skill_name ... skill_dir.mkdir(parents=True, exist_ok=False) ... skill_md_path.write_text(skill_content) ... example_script.chmod(0o755)
Use the helper only with directories you intend to modify, and review generated files before installing or sharing the new skill.
If a skill folder contains accidental secrets, drafts, or unrelated files, they may be included in the packaged archive if the user later shares it.
The packager recursively includes every file in the skill folder with no exclusions shown. This is expected for packaging, but unintended files in the folder could be carried into the .skill archive.
for file_path in skill_path.rglob('*'):
if file_path.is_file():
...
zipf.write(file_path, arcname)Inspect the skill directory and packaged .skill contents before distributing or installing generated skills.