Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Creator Pro

v2.0.0

Create new skills, modify and improve existing skills, and measure skill performance with eval-driven iteration. Use when users want to create a skill from s...

0 · 574 · 4 current · 5 all-time
by Zihao Feng @zihaofeng2001
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (skill creation, eval, benchmarking, description optimization) matches the included scripts and agent guides: many files are evaluation/packaging utilities (run_eval.py, run_loop.py, generate_review.py, grader/comparator/analyzer agent prompts). It is reasonable that a skill-creator needs to read skill files, transcripts, and outputs. However, the included tools traverse and embed arbitrary files from a provided workspace and can include binary files (PDF/XLSX) as base64, which is broader access than a casual 'skill authoring helper' might imply.
Instruction Scope
SKILL.md and the agent files explicitly instruct reading skill SKILL.md files, transcripts, outputs, and running evaluation scripts. generate_review.py recursively finds runs under a workspace, reads many file types, base64-embeds binaries, and prepares a standalone HTML review. These instructions allow reading and packaging any file under the workspace directory (and some parent checks), so if the workspace contains secrets or unrelated data those could be included in the generated review and sent externally. The SKILL.md also mentions calling 'claude -p' and using sessions_spawn; invoking an external CLI or subagent increases scope and network interaction if present.
Install Mechanism
No install spec — instruction- and script-only. That's lower risk than arbitrary downloads. The Python scripts use only stdlib functionality (as advertised) so there is no hidden remote install. Still, scripts call subprocesses (e.g., lsof) when available.
Credentials
The skill declares no required environment variables or credentials, which aligns with its stated purpose. There are no declared external tokens or keys requested. That said, the code can call external CLIs (e.g., 'claude -p' if installed) and will attempt to open the network (viewer HTML references Google Fonts) and run local commands (lsof), so the absence of declared creds is coherent but doesn't eliminate runtime network/local interactions.
Persistence & Privilege
always: false and default model invocation are preserved (no forced always-on). The skill does not request to modify other skills or global agent settings. Scripts write or embed review/feedback files within the supplied workspace, which is expected for an eval tool and scoped to the workspace rather than global config.
What to consider before installing
This skill is mostly coherent with its purpose, but exercise caution before running it against a workspace that may contain secrets or sensitive files. Specific points to consider:

- The included scripts (e.g., eval-viewer/generate_review.py) recursively read files from a workspace and embed text/binary files (PDF, XLSX, images) into a standalone HTML, so any secrets in that workspace could end up embedded in the generated HTML.
- The scripts use subprocess.run (e.g., to call lsof to kill a port) and may attempt to invoke an external CLI ('claude -p') if present — review those calls and avoid running them if you don't trust the environment or the external tools.
- The generated viewer.html loads Google Fonts (network call) and the Python script may spawn a tiny HTTP server and open a browser; if you plan to share the generated HTML, confirm it contains only intended content.

Mitigations before installing/using:

- Inspect the repository locally (you already have the files) and read generate_review.py and run_loop.py to understand exactly which paths they read and which subprocesses they call.
- Run the scripts only on a dedicated, scrubbed workspace that contains only the eval artifacts you intend to expose. Remove any credentials, private keys, or unrelated files first.
- If you need extra safety, run the scripts in an isolated environment (container, VM) with no network and limited filesystem mounts.
- If you won't use the optional external CLI (claude -p), disable or remove those code paths to avoid accidental invocation.
- Prefer manual review of the generated HTML before sending it to others; verify that the content included is expected.

Given these behaviors, the skill is not clearly malicious but has broader file- and process-access than casual users might expect — classify as suspicious until you confirm you're running it in a safe, intended workspace.

Like a lobster shell, security has layers — review code before you run it.

latest vk97dscy0gh5t4em9mwae5t3hf5830pms
