Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Deepagents Code Review
v1.0.0Reviews Deep Agents code for bugs, anti-patterns, and improvements. Use when reviewing code that uses create_deep_agent, backends, subagents, middleware, or...
⭐ 0· 61·1 current·1 all-time
byKevin Anderson@anderskev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the content: the SKILL.md is a checklist for reviewing Deep Agents code (create_deep_agent, backends, subagents, etc.). There are no unrelated dependencies, binaries, or environment variables declared.
Instruction Scope
The instructions appear to be a concrete code-review checklist (expected). However, the pre-scan flagged a 'system-prompt-override' pattern inside SKILL.md. If present, such lines could try to change the agent's system prompt or give the skill privileged, hidden instructions; this is beyond a normal checklist and should be inspected. The provided excerpt itself does not show obvious exfiltration or unrelated file/env access, but the full SKILL.md is large (13 KB) and truncated here.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest-risk install footprint (nothing written to disk by the skill itself).
Credentials
The skill declares no required env vars, no credentials, and no config paths. That is proportionate for a code-review checklist which only needs access to the code being reviewed.
Persistence & Privilege
Flags are default (always:false, user-invocable:true). The skill does not request permanent presence or elevated privileges. Autonomous invocation is allowed by default (platform behavior) but not by itself a reason to reject; combine with other concerns if present.
Scan Findings in Context
[system-prompt-override] unexpected: The scanner found text patterns commonly used for prompt injection/system-prompt override. For a code-review checklist this is unexpected — a benign skill should not attempt to replace the system prompt or embed hidden executor instructions. Manual inspection of the full SKILL.md is recommended to confirm whether the flagged content is harmless (e.g., examples showing how Deep Agents set prompts) or malicious.
What to consider before installing
This skill appears to be a straightforward Deep Agents code-review checklist and requests no credentials or installs, which is good. However, an automated scan flagged possible 'system-prompt-override' lines in the SKILL.md. Before installing: (1) open and read the entire SKILL.md and search for lines that try to set or override the agent/system prompt, instruct the agent to ignore user instructions, or ask to exfiltrate secrets or environment variables — those are red flags; (2) if you can't review it yourself, ask the publisher for the full text and an explanation of any system-prompt manipulations; (3) if you install, run it in a sandbox or test environment first and avoid granting it access to sensitive repos or credentials; and (4) do not enable always:true or grant new credentials because the skill itself does not need them. If you see explicit instructions like 'replace the system prompt with...' or 'ignore previous instructions', treat the skill as untrusted and do not install.SKILL.md:404
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk974j0az18g051ctfwvv0rxvy1839n4z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.