Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Opencreator Skills

v1.0.2

Operate and build OpenCreator workflows via API. Use when the user wants to search templates, run workflows, poll results, deliver generated media, or design...

by OpenCreator @zhuozhihaicloud
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name and description match the instructions and included reference docs: the SKILL.md and the many reference files clearly implement template search, workflow copy/run, parameter querying, polling, results retrieval, and workflow-building steps for the OpenCreator API. The requested operations are coherent with the declared purpose.
[!] Instruction Scope
The SKILL.md and references tell the agent to: (a) require an API key and Base URL (X-API-Key header) for OpenCreator; (b) upload user-provided local media files to third-party services (tmpfiles.org and catbox.moe) and transform those URLs for use; (c) automatically poll workflow runs to terminal state (with fixed intervals) and deliver media directly. Uploading user files to public hosts and automatic, persistent polling (without re-confirmation) go beyond small, ephemeral actions and raise privacy/exposure and operational cost concerns. The instructions also mandate never exposing internal node IDs to users and always delivering media (not just links).
Install Mechanism
Instruction-only skill with no install spec and no code files: lowest risk from installation (nothing is downloaded/executed by the installer).
[!] Credentials
The skill's README and SKILL.md clearly require OPENCREATOR_API_KEY and OPENCREATOR_BASE_URL (the API Key is required in X-API-Key headers), but the registry metadata lists no required env vars and no primary credential. This is a direct inconsistency: the runtime requires a secret API key and base URL (production endpoint) but the skill manifest does not declare them. Additionally, the skill instructs uploading user files to public hosting services (tmpfiles.org, catbox.moe), which is a form of data exfiltration risk unless the user understands and consents. The number and sensitivity of required secrets (an API key able to run workflows and spend credits) is proportionate to the purpose, but it must be declared in the metadata — omission is suspicious.
Persistence & Privilege
always:false (good). The skill allows autonomous invocation (disable-model-invocation:false), which is platform-default. However, the runtime rules force the agent to autonomously poll job status until terminal state and to fetch results immediately, potentially causing long-running API calls and credit usage under the user's API key. Combined with the missing credential declaration and the use of public upload hosts, this increases the blast radius — but autonomy alone is expected behavior, so this is a caution rather than a blocking issue.
What to consider before installing
Before installing or enabling this skill, consider the following:
- Metadata mismatch: The skill's docs explicitly require an OpenCreator API key (OPENCREATOR_API_KEY) and a base URL (OPENCREATOR_BASE_URL), but the registry metadata did not list any required environment variables or a primary credential. Ask the publisher to correct the manifest so you know exactly what secrets will be used.
- Secret scope and cost: The API key the skill will use can run workflows and consume credits. If you install it, prefer creating a scoped/test API key (with minimal permissions and budget limits) rather than giving a full-production key tied to your main account.
- Privacy / media hosting: The instructions tell the agent to upload any local media you provide to tmpfiles.org and catbox.moe (public file hosts) and then use those direct links. That makes your media publicly accessible and may violate privacy or IP rules. If you cannot accept public hosting of your files, do not use the skill or provide pre-hosted, access-controlled URLs you trust.
- Autonomous long-running operations: The skill must poll runs to terminal state automatically and will fetch/deliver results without asking you during the run. This can mean prolonged network activity and automatic credit spend. Be sure you are comfortable with that behavior and test with a low-risk API key first.
- Publisher provenance: Source/homepage is unknown. Prefer skills published by known/trusted maintainers. If you rely on this skill for production, request provenance (official repo, owner identity) and ask for a signed release or review the upstream repository.
- Mitigations: If you still want to use it, (1) request that the manifest be updated to declare OPENCREATOR_API_KEY and OPENCREATOR_BASE_URL; (2) use a limited-scope/test API key and billing caps; (3) avoid uploading sensitive media; instead host files on a private URL you control and pass that link; (4) confirm whether the skill can be configured to avoid third-party upload services and to limit polling duration.

Overall: the skill appears to implement what it claims, but the missing credential declaration and the explicit use of public upload services plus forced autonomous polling are material concerns. Proceed only after addressing the manifest inconsistency, confirming publisher identity, and limiting the API key / media exposure.
