Skill Creator Assistant
PassAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent and mainly generates skill documentation, with a disclosed optional GitHub upload step that users should review before using.
This looks safe to install as an instruction-only helper. Before using the optional GitHub upload, review all generated files, confirm repo visibility and account, and avoid embedding API keys or other secrets in generated skill documentation.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used, the assistant could help create a repository and upload generated files, which may make content visible or persistent depending on GitHub settings.
The skill may guide the agent to use external publishing/account mutation tools, but this is disclosed as optional and aligned with the skill-creation purpose.
After generating the SKILL.md, offer to: 1. Create a GitHub repo 2. Generate a README.md 3. Upload both files 4. Provide the repo URL
Review the generated SKILL.md and README before upload, confirm the target GitHub account and repository visibility, and approve publishing explicitly.
A user might be asked to think about or provide API credentials while designing a generated skill, and those secrets could accidentally be included in documentation if not handled carefully.
The artifact acknowledges that some generated skills may involve user-provided credentials. There is no evidence of storage, logging, or hidden transmission, but users should avoid putting secrets into generated public files.
Cannot generate skills that require external paid APIs without user providing credentials
Do not paste API keys or tokens into SKILL.md or README files; reference environment variables or secret managers instead.