SAFE-Fuzzer
Audited by ClawScan on May 10, 2026.
Overview
SAFE-Fuzzer appears to be a legitimate sandbox-only testing skill, but it can drive subagent, file, shell, and network activity while probing other skills.
Install and run this only in a locked fuzzer sandbox, not on a normal host workspace. Keep real credentials and sensitive files out of the test environment, because the skill is designed to exercise target workflows that may involve commands, file access, and network activity.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A target skill being tested may run commands, touch files, or make network requests during fuzzing, so the sandbox boundary is important.
The fuzzer may deliberately cause the target skill to perform file, shell, and network actions; this is central to its purpose and is explicitly constrained to the sandbox.
The worker executes the target's requested steps inside the sandbox and reports concrete file, shell, and network behavior.
Run only in the documented locked fuzzer sandbox, avoid real secrets or important files in the workspace, and review the generated report for any unexpected target behavior.
Information from the target skill and fuzzing probes may be shared with a worker subagent during the run.
The skill uses a parent/worker agent pattern, so probe instructions and observations are passed between sessions. The artifacts scope this to one child session for the fuzzing run.
Spawn a worker subagent via `sessions_spawn`. Send probe-cycle instructions via `sessions_send`.
Keep the fuzzing workspace free of real secrets, and use the skill only where worker sessions are expected and sandboxed.
The registry may not automatically check that the sandbox image and tools needed for testing are present.
The README documents runtime prerequisites and a sandbox image expectation, while the registry metadata lists no required binaries or install spec. This is disclosed setup guidance, but users must verify the environment themselves.
Use `openclaw-sandbox-common:bookworm-slim` or an equivalent custom image with `node`, `npm`, `python3`, `git`, `curl`, and `jq`.
Use a trusted sandbox image, verify the listed tools are available inside the sandbox, and avoid running the fuzzer setup on the host environment.
