Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lesson
v0.1.1Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, edit, or optimize a...
⭐ 0· 84·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's stated purpose (skill creation, evaluation, description improvement) aligns with the provided scripts (run_eval, improve_description, aggregate_benchmark, package_skill). However, the package metadata declared no required binaries or env vars, while multiple scripts call the 'claude' CLI and expect a Claude Code session/auth to be available. The omission of 'claude' as a required binary / lack of mention of needing local CLI auth is an inconsistency that could surprise users.
Instruction Scope
Runtime behavior in the scripts goes beyond passive text: run_eval creates temporary command files under a discovered .claude/commands directory, subprocess-invokes the 'claude' client to run queries, reads/writes many files (creates and later unlinks command files), and improve_description similarly calls 'claude -p'. These operations are coherent with testing/training a skill, but they modify the user's project filesystem (writing to .claude), rely on the presence of a local CLI and auth, and can be surprising if run in an unexpected working directory.
Install Mechanism
The skill is labeled 'instruction-only' (no install spec), but the bundle contains multiple runnable scripts. There is no download-from-URL or external installer (low network-install risk), but the presence of executable scripts that expect to be run locally is inconsistent with the 'no install' declaration and increases the risk if a user executes them without review.
Credentials
The manifest declares no required env vars or binaries, yet scripts manipulate environment vars (they explicitly remove CLAUDECODE from env when spawning subprocesses) and call the 'claude' binary that requires local credentials/session. The skill implicitly requires access to the user's Claude CLI auth and write access to the filesystem (project .claude folder). These are reasonable for a skill-evaluation tool but should have been declared explicitly.
Persistence & Privilege
always is false (good). The scripts create temporary files under a project's .claude/commands and attempt to unlink them afterwards; package_skill writes a .skill zip if invoked. They don't request permanent always-on presence, nor do they modify other skills' configuration files beyond creating temporary command files in the discovered project .claude directory. Still, writing to project-level .claude folders can have side effects or be surprising; run_eval cleans up command files on normal exit but filesystem changes can persist if interrupted.
Scan Findings in Context
[subprocess_execution_called_claude] expected: Multiple scripts (run_eval.py, improve_description.py) spawn subprocesses to call the 'claude' CLI to run prompts and detect triggering. This is expected for a skill that evaluates whether Claude triggers, but the binary requirement is not declared in the skill metadata.
[writes_to_.claude_commands] expected: run_eval.py creates command files under a discovered .claude/commands/ directory to make a temporary skill available for testing. This behavior matches the stated goal (testing trigger behavior) but implies filesystem writes that may be surprising and should be disclosed.
[env_manipulation_remove_CLAUDECODE] expected: Scripts remove the CLAUDECODE environment variable when launching nested 'claude' processes. This is intended to allow nesting the 'claude' client but indicates reliance on the user's local CLI auth/session, which is not declared.
[zip_packaging_local_files] expected: package_skill.py packages the skill folder into a zip (.skill). Expected for a packager tool; it will read many files and write a zip to disk.
[network_downloads_or_remote_urls] unexpected: No external download URLs or suspicious remote endpoints were found in the truncated files; network usage appears limited to invoking the local 'claude' client (which itself may call remote APIs).
What to consider before installing
This skill contains many helper scripts that will run locally: they invoke the 'claude' CLI, create temporary files under a detected .claude/commands directory, and expect access to your local Claude session/auth. However, the skill metadata declares no required binaries or environment variables — that mismatch is important. Before installing or running anything: 1) Inspect the scripts yourself (or in a sandbox) to ensure you understand what will be written and where; 2) Do not run these scripts from a sensitive directory — run them in an isolated project or temporary workspace; 3) Confirm you have (and are willing to use) a local 'claude' CLI/session if you want the evaluation features; 4) If you prefer to avoid giving the skill access to your local model credentials, skip running scripts that spawn 'claude' and instead treat this as a code bundle to review and adapt; 5) If anything is unclear, ask the author to explicitly declare required binaries (e.g., 'claude') and explain when/where the scripts will write files and what cleanup guarantees they provide.Like a lobster shell, security has layers — review code before you run it.
latestvk97627ng7fnvg607h8my4k4zx5835zye
License
MIT-0
Free to use, modify, and redistribute. No attribution required.