advanced-skill-creator
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to guide OpenClaw skill creation and includes a user-run Python helper, with no artifact evidence of hidden data access, persistence, or destructive behavior.
This skill is reasonable to install if you want structured help creating OpenClaw skills. Before using generated skills, review their triggers, permissions, scripts, and any external code they include, and check the full SKILL.md for unnecessary role-changing language.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If that phrase is part of an unnecessary role-changing instruction, it could influence agent behavior outside normal skill-creation guidance.
The scan reports a phrase commonly associated with role or goal override in the runtime instructions. The visible skill content remains focused on the stated 5-step skill-creation workflow, so this is a prompt-review note rather than a concrete hijack.
Pre-scan injection signals ... - you-are-now
Review the complete SKILL.md before installation and remove any role-changing or evaluator-manipulation wording that is not needed for creating skills.
Generated skill templates may be influenced by third-party examples, so users could inherit weak patterns if they accept output without review.
The skill intentionally uses public skills, documentation, and community examples as inputs to generated recommendations. This is aligned with its research purpose, but external examples can carry outdated or unsafe patterns if copied uncritically.
Thoroughly query ClawHub/ClawdHub for relevant skills ... Use comprehensive keyword combinations for GitHub searches
Prefer official documentation, review any borrowed code or patterns, and avoid installing generated skills until their permissions, scripts, and triggers are checked.
Running the helper executes local code from the skill package.
The skill documents a manual local Python helper execution. This is disclosed and consistent with the skill's purpose; the provided script does not show hidden downloads, shell execution, file writes, or credential handling.
python3 scripts/advanced_skill_processor.py "Create a weather skill"
Run the helper only after reviewing it, avoid elevated privileges, and treat its output as a draft to inspect before installing any generated skill.