ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cx Agent Studio

v1.0.0

Guide and instructions for using Google Customer Experience Agent Studio (CX Agent Studio). Use when creating conversational agents, writing or structuring i...

0· 304·0 current·0 all-time
byYash Kavaiya@yash-kavaiya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (CX Agent Studio guidance) matches the content: design notes, instruction syntax, callbacks, tools, and evaluation guidance. There are no unrelated requirements (no env vars, binaries, or installs) that would be inconsistent with the stated purpose.
Instruction Scope
SKILL.md and referenced docs stay within builder guidance. They explicitly recommend creating Python tools and callbacks to wrap external APIs and manipulate state — this is expected for an agent-builder but means any code you or your team add (Python tools/callbacks) can run arbitrary logic and access data. The skill itself contains no executable code.
Install Mechanism
No install spec and no code files that would be written to disk. Instruction-only skills are lowest-risk from an installation perspective.
Credentials
No required environment variables, credentials, or config paths are declared. The guide discusses integrating connectors and tools in general terms but does not request secrets itself.
Persistence & Privilege
Skill flags are default (always:false, agent-invocable allowed). It does not request permanent presence or modify other skills or system settings. Autonomous invocation is allowed by platform default and not itself a reason to distrust this instruction-only skill.
Assessment
This skill is a documentation-only guide for building CX Agent Studio agents and appears internally consistent. It does not ask for credentials or install code. However, the guide encourages adding Python tools and callbacks — any Python tool or connector you attach to agents can execute arbitrary code and call external services, so: (1) review and vet any Python code or third-party connectors before enabling them, (2) avoid uploading sensitive documents to RAG/data stores you don't control, (3) enable guardrails, logging, and data-redaction settings if you use third-party integrations, and (4) audit permissions for any connectors (e.g., Salesforce, Google APIs) you configure. If you want a higher assurance, ask the publisher for provenance (homepage, owner identity) or request an explicit list of required connectors and example tool code to review before installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk973q2decxaymf2aff1ss3j5eh8205sz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments