Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

FlowStitch

v2.0.0

Turn one sentence into a deployed website. FlowStitch is your AI design team: prompt engineering, design system generation, multi-page creation, quality eval...

Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (generate + deploy a site) matches the SKILL.md workflow and the included design/React templates. However, some claimed capabilities (one-command deploy to Vercel/Netlify/GitHub Pages, 'Powered by Google Stitch MCP') imply use of external services and credentials that are not declared in requires.env. That omission is a mismatch worth flagging: deploy/integration steps normally require tokens or repo access.
Instruction Scope
Runtime instructions tell the agent to create .stitch project files, generate pages via Stitch MCP, download screenshots/HTML/assets, and 'scrape any competitor's site' (i.e., fetch arbitrary external URLs). The instructions do not tell the agent to read unrelated local files or secrets, but scraping arbitrary external URLs and downloading assets are explicit behaviors that will contact external hosts and pull remote content—this is within the stated purpose but expands the network surface and requires explicit user consent for targets.
Install Mechanism (flagged)
There is no platform install spec (instruction-only), which lowers install risk. However, the bundle includes a shell script (scripts/fetch-stitch.sh) and several code examples. The shell script's presence elevates risk because it may fetch or install components when executed. SKILL.md also references platform tooling (list_tools, mcporter) and external MCP tooling; without visibility into the shell script and any network fetches, this is a potential vector for arbitrary code download/execution.
Credentials (flagged)
The skill declares no required environment variables or primary credential, yet it promises one-command deploys to hosted platforms and integration with 'Stitch MCP' — steps that typically need service tokens, git or cloud credentials, or platform integration. That mismatch could lead the skill to (a) prompt for credentials at runtime in unclear ways, or (b) attempt to use system-level tooling/integrations that are not declared. Also, the competitive-analysis flow will fetch arbitrary external sites; while relevant to the purpose, this expands data exfiltration risk if combined with undeclared network endpoints or scripts.
Persistence & Privilege
always:false and normal autonomous invocation settings are present (expected). The instructions write to a local .stitch directory and project files (expected for a generator). The skill does not request permanent/always-on presence or claim it will change other skills' configs. No elevated persistence privileges are requested in the metadata.
What to consider before installing
FlowStitch appears to do what it claims (generate designs, export React, and deploy), but there are several things to check before you install or run it:

1) Inspect the bundled shell script(s) (scripts/fetch-stitch.sh) and any other scripts for network downloads, exec calls, or commands that run as-is — do not run them until reviewed.
2) Confirm how deployment works: the SKILL.md mentions Vercel/Netlify/GitHub Pages but the skill declares no env vars for tokens — decide whether you'll provide tokens interactively and only to a trusted flow, or perform deployment manually.
3) Be aware the tool will fetch/scrape arbitrary competitor URLs and download assets; only allow scraping of URLs you control or that you have permission to analyze.
4) Verify the Stitch MCP integration: confirm the source/trust of 'Stitch' (stitch.withgoogle.com is referenced) and whether any external binary or service will be installed.
5) Run the skill in an isolated environment (sandbox or disposable repo) the first time to observe behavior and network traffic, and avoid providing broad system credentials.

If you want, paste the contents of scripts/fetch-stitch.sh and any other scripts here and I can review them for unsafe operations before you run them.


Tags: admin-dashboard, brand, competitive-analysis, deploy, design, latest, mobile-app, react, stitch, typescript, ui, website

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
