Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SAFE-Fuzzer

v1.0.0

Sandbox-only behavior-led gray-box skill fuzzer. Spawns a worker subagent, probes an installed target skill, deploys honeypot fixtures, and returns a structu...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match what the SKILL.md instructs: spawn a worker subagent, deploy honeypot fixtures, probe a target skill, and produce a structured JSON report. Use of sessions_spawn/sessions_send to create a worker subagent is expected for this purpose.
Instruction Scope
Instructions explicitly require sandboxed execution and forbid reading host auth files and env vars; they allow limited gray-box reads of target-owned files (./skills/<target>/**) for planning. This scope is reasonable for a gray-box fuzzer, but it grants the agent discretionary read access to target source/docs which could include sensitive data. The SKILL.md relies on the runtime to enforce the preflight checks (sandbox present, elevated exec unavailable)—the instructions cannot enforce that themselves.
Install Mechanism
Instruction-only skill with no install steps or remote downloads. No packages or external installers are pulled by the skill files included—this lowers install-time risk.
Credentials
The skill requests no environment variables or credentials, which is proportional. However, the README guidance suggests installing the tested target into ~/.openclaw/workspace-fuzzer; that host-path recommendation could cause users to place target artifacts in the host home directory outside the sandbox unless they understand how their sandbox maps home/workspaces. Confirming sandbox isolation is therefore essential.
Persistence & Privilege
always:false and disable-model-invocation:true (no autonomous model invocation) reduce persistent/automatic risk. The skill spawns worker subagents for execution, which is coherent with its purpose; this increases blast radius if the runtime's session-spawn API isn't properly sandboxed, but the skill itself does not request always-on privileges or cross-skill config changes.
What to consider before installing
This skill is broadly coherent with its stated purpose, but do not run it in a non-isolated environment. Only run from a locked sandbox with verified host boundary enforcement and elevated exec disabled. Before installing/using: (1) verify your sandbox maps workspaces so that any recommended host paths (e.g., ~/.openclaw/workspace-fuzzer) are inside the sandbox or change them to sandbox-local paths, (2) run with the smallest preset first (min) and synthetic fixtures only, (3) confirm the platform enforces the SKILL.md preflight checks (sandbox presence and no elevated exec), and (4) review the target skill's repository for embedded secrets or host-path references because the fuzzer is allowed to read target-owned files during gray-box planning. If you cannot guarantee isolation or you see host paths being used, treat this skill as high-risk and do not run it against real or sensitive workloads.

Like a lobster shell, security has layers — review code before you run it.
