Skill v1.0.2
ClawScan security
Opencreator Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 6, 2026, 7:23 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's behavior broadly matches its stated purpose (operating OpenCreator workflows), but the runtime instructions require API credentials and direct uploading of user media to third-party hosts while the registry metadata does not declare those credentials. The skill also instructs autonomous long-running polling and use of public upload services, which raises privacy/cost/exposure concerns.
- Guidance: Before installing or enabling this skill, consider the following:
  - Metadata mismatch: The skill's docs explicitly require an OpenCreator API key (OPENCREATOR_API_KEY) and a base URL (OPENCREATOR_BASE_URL), but the registry metadata did not list any required environment variables or a primary credential. Ask the publisher to correct the manifest so you know exactly what secrets will be used.
  - Secret scope and cost: The API key the skill will use can run workflows and consume credits. If you install it, prefer creating a scoped/test API key (with minimal permissions and budget limits) rather than giving a full-production key tied to your main account.
  - Privacy / media hosting: The instructions tell the agent to upload any local media you provide to tmpfiles.org and catbox.moe (public file hosts) and then use those direct links. That makes your media publicly accessible and may violate privacy or IP rules. If you cannot accept public hosting of your files, do not use the skill or provide pre-hosted, access-controlled URLs you trust.
  - Autonomous long-running operations: The skill must poll runs to terminal state automatically and will fetch/deliver results without asking you during the run. This can mean prolonged network activity and automatic credit spend. Be sure you are comfortable with that behavior and test with a low-risk API key first.
  - Publisher provenance: Source/homepage is unknown. Prefer skills published by known/trusted maintainers. If you rely on this skill for production, request provenance (official repo, owner identity) and ask for a signed release or review the upstream repository.
  - Mitigations: If you still want to use it, (1) request that the manifest be updated to declare OPENCREATOR_API_KEY and OPENCREATOR_BASE_URL; (2) use a limited-scope/test API key and billing caps; (3) avoid uploading sensitive media and instead host files on a private URL you control and pass that link; (4) confirm whether the skill can be configured to avoid third-party upload services and to limit polling duration.
  - Overall: the skill appears to implement what it claims, but the missing credential declaration and the explicit use of public upload services plus forced autonomous polling are material concerns. Proceed only after addressing the manifest inconsistency, confirming publisher identity, and limiting the API key / media exposure.
Review Dimensions
- Purpose & Capability (ok): Name and description match the instructions and included reference docs: the SKILL.md and the many reference files clearly implement template search, workflow copy/run, parameter querying, polling, results retrieval, and workflow-building steps for the OpenCreator API. The requested operations are coherent with the declared purpose.
- Instruction Scope (concern): The SKILL.md and references tell the agent to: (a) require an API key and Base URL (X-API-Key header) for OpenCreator; (b) upload user-provided local media files to third-party services (tmpfiles.org and catbox.moe) and transform those URLs for use; (c) automatically poll workflow runs to terminal state (with fixed intervals) and deliver media directly. Uploading user files to public hosts and automatic, persistent polling (without re-confirmation) go beyond small, ephemeral actions and raise privacy/exposure and operational cost concerns. The instructions also mandate never exposing internal node IDs to users, and to always deliver media (not just links).
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files: lowest risk from installation (nothing is downloaded/executed by the installer).
- Credentials (concern): The skill's README and SKILL.md clearly require OPENCREATOR_API_KEY and OPENCREATOR_BASE_URL (the API Key is required in X-API-Key headers), but the registry metadata lists no required env vars and no primary credential. This is a direct inconsistency: the runtime requires a secret API key and base URL (production endpoint) but the skill manifest does not declare them. Additionally, the skill instructs uploading user files to public hosting services (tmpfiles.org, catbox.moe), which is a form of data exfiltration risk unless the user understands and consents. The number and sensitivity of required secrets (an API key able to run workflows and spend credits) is proportionate to the purpose, but it must be declared in the metadata; omission is suspicious.
- Persistence & Privilege (note): always:false (good). The skill allows autonomous invocation (disable-model-invocation:false), which is platform-default. However, the runtime rules force the agent to autonomously poll job status until terminal state and to fetch results immediately, potentially causing long-running API calls and credit usage under the user's API key. Combined with the missing credential declaration and the use of public upload hosts, this increases the blast radius, but autonomy alone is expected behavior, so this is a caution rather than a blocking issue.
