Clone Farm Detector

PassAudited by ClawScan on May 1, 2026.

Overview

This instruction-only skill is coherent with its stated clone-detection purpose and shows no evidence of credentials, persistence, hidden code, or account-changing behavior.

This appears safe to install as a triage aid, but treat SUSPECT or FARMING labels as leads rather than proof and have a human review the evidence before taking external action.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Info

#ASI02: Tool Misuse and Exploitation

What this means

When invoked, the agent may fetch marketplace data and run local comparisons; the artifacts do not show credential use, account changes, destructive actions, or hidden execution.

Why it was flagged

The skill may use command-line and network-capable tooling to retrieve and compare marketplace records, but this is disclosed and directly tied to the clone-farm detection purpose.

Skill content

requires: bins: [curl, python3] ... A publisher node ID to scan their published catalog ... A marketplace search term to check top results for cloning

Recommendation

Use it on marketplace data you intend to analyze, and review the generated evidence before reporting or penalizing any publisher.