Skill Creator FlagOS
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate skill-development tool, but it can run local Python and create or modify persistent skill files, so users should review generated changes before relying on them.
This skill is suitable for users who intentionally want an assistant to scaffold and edit skills. Install it only where you are comfortable allowing file writes and local Python execution, verify any repository-level validation script before running it, and review generated or modified skills before enabling them for regular use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create, edit, copy, and inspect local skill files and run Python commands as part of the workflow.
The skill requests broad local file-editing and command capabilities, including Python execution and file creation, which are expected for scaffolding and editing skills but should be used in a controlled repository.
allowed-tools: "Bash(python3:*) Bash(python:*) Bash(chmod:*) Bash(mkdir:*) Bash(cp:*) ... Read Edit Write Glob Grep ... Agent"
Use it in a dedicated skills repository or project workspace, and review file changes before accepting or publishing them.
Running validation may execute local code outside this skill’s reviewed files.
Validation depends on a repository-level script that is not included in the reviewed skill package, so its safety depends on the surrounding repository contents.
python3 {{repo_root}}/scripts/validate_skills.py {{skills_dir}}/{{skill_name}}Before running validation, confirm that the repository-level validate_skills.py script is from a trusted source and matches what you expect.
Poorly reviewed generated skill content could influence future agent behavior or cause a skill to trigger in unintended situations.
The skill creates and modifies persistent skill instructions and resources that future agents may load and trust.
Add resources — Creates scripts, reference docs, and assets as needed, with each file documented in SKILL.md.
Manually review generated SKILL.md files, triggers, scripts, references, and eval prompts before installing or sharing the resulting skills.
Future generated skills may be invoked in more situations than the user expected.
The writing guide intentionally favors broader trigger descriptions, which is useful for skill discoverability but can make generated skills activate more often than intended.
Be slightly "pushy" — err on triggering too often rather than too rarely.
Review and narrow trigger descriptions for any generated skill, especially skills that can write files, run commands, or access sensitive data.