ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Csv Documentation Generator

v1.6.4

Use when generating computer system validation (CSV) documentation for pharmaceutical and medical device industries, including validation plans, URS, FS, IQ/...

0· 162·0 current·0 all-time
byzealot@zealot00
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code, templates, and CLI are consistent with the stated purpose (generating VP/URS/FS/RA/IQ/OQ/PQ and RTM). Declared requiredTools (exec, write) are reasonable for running scripts and writing output files. One mismatch: SKILL.md asks the agent to read agent environment variables and git config to detect mode, but requires.env lists none — this is minor (it only reads existing env vars rather than requiring secrets).
!
Instruction Scope
SKILL.md and STANDARDS.md explicitly instruct users/agents to add code-annotation rules to the agent's system prompt so markers are added globally. That step is outside the skill's narrow scope and can affect all agent behavior: it is effectively guidance to modify a global system prompt (persistence of instructions). The skill also documents non-interactive behavior (auto-switch to autonomous mode, --auto-add to modify requirements.json, git-hook install scripts). Those features are coherent with traceability automation but expand the skill's write/modify footprint (it can auto-edit project files and install hooks).
Install Mechanism
No external install spec (downloads) is present; code is included in the package. The skill claims to auto-create a local virtualenv and pip-install dependencies on first run — expected for a Python CLI tool. There are local git-hook scripts (scripts/git-hooks/install.sh) which can modify repository hooks; review those before use.
Credentials
The skill requests no external credentials and no config paths in metadata. It does rely on reading environment variables (CSV_DOCS_MODE, OPENCLAW_MODE, agent env vars) and Git config to detect mode — plausible for agent-mode detection but not declared as required. No requests for unrelated secrets or external service tokens were found.
!
Persistence & Privilege
always:false (good). However the skill (a) recommends adding rules to the agent's system prompt (which would persist and apply across skills if the user does it), (b) can auto-switch to autonomous mode in non-interactive contexts and auto-add parsed requirements to files, and (c) includes git-hook installer scripts. Those behaviors increase the blast radius if enabled or accepted without review.
Scan Findings in Context
[system-prompt-override] unexpected: SKILL.md, README, and STANDARDS.md explicitly instruct users to add annotation rules to the agent's system prompt so @REQ/@TEST markers apply globally. While the skill documents this as a manual step, it is not necessary for basic document generation and could be used to alter global agent behavior — treat as a prompt-injection / persistence risk unless you intentionally want that change.
What to consider before installing
This skill appears to implement what it claims (document templates, code parsing, Word/Excel generation), but it contains instructions that can change global agent behavior and automatically modify files in your repo. Before installing or running: 1) Do NOT add the suggested rules to your agent's system prompt unless you understand and accept that those rules will apply to all code generation across your agent ecosystem. 2) Review scripts/generate.py, scripts/agent.py, scripts/cli.py and scripts/git-hooks/install.sh to confirm what files are written and when auto-add/auto-commit or git-hook installation will run; run initially in a sandbox or disposable repo. 3) Disable or avoid --auto-add/--yes and non-interactive autonomous mode if you want manual confirmations. 4) Check requirements.txt and run dependency installation in an isolated venv you control. 5) If you use this in an organization handling regulated data, have a compliance engineer confirm the automatic behaviors (audit logging, auto-modification) meet your policies. If you want, provide the contents of scripts/agent.py and scripts/generate.py and I can point to the exact lines that perform autonomous switching, file writes, and git-hook installation.
!
SKILL.md:477
Prompt-injection style instruction pattern detected.
!
STANDARDS.md:59
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk976srnpg00amxnpgx5q6atdyx838ykz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments