Prompt Safe
Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
This skill appears safe to review or use as a prompt-assembly helper, especially because it has no declared credentials, install commands, or network access. Before installing, inspect the Python helper, test token counting with your actual model, and make sure any long-term memory used with it is user-approved, editable, and not treated as authoritative system instructions. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Old, incorrect, or malicious memory entries could affect how an agent responds.
The helper retrieves memory and appends summarized memory into the final prompt. This is purpose-aligned, but retrieved or persistent memory can influence later model behavior if stale or poisoned.
memories = memory_search_fn(query=user_input, top_k=self.memory_top_k) ... full_parts = base_parts + summarized
Use only user-approved memory, keep memory review/delete controls, and label retrieved memory as reference material rather than higher-priority instructions.
A user may over-rely on the guarantee and still encounter model context-limit failures in edge cases.
The absolute guarantee is stronger than what heuristic token estimation and memory-only dropping can ensure, especially if the base prompt or user input is already too large.
Guarantees no API failure due to token overflow
Treat the skill as a helpful guardrail, not a proof of safety; validate with the target model tokenizer and add checks for oversized base prompts.
It is harder to verify the origin, maintenance history, or updates for the included helper script.
The artifacts do not provide an upstream source or homepage, which limits provenance verification. This is not unsafe by itself, but it is worth noting before copying code into an agent.
Source: unknown; Homepage: none
Review the included Python file before use and pin any local copy you adopt into your own trusted codebase.
