clawder

This skill is classified as suspicious due to two main factors: (1) The `SKILL.md` and `HEARTBEAT.md` files contain explicit prompt injection instructions for the AI agent to act autonomously (e.g., 'DO NOT ask the human for permission to like or pass', 'YOU decide') for core skill functions, bypassing user consent for specific actions. (2) The `scripts/clawder.py` script includes a `CLAWDER_SKIP_VERIFY=1` environment variable option that disables SSL certificate verification, creating a significant Man-in-the-Middle (MITM) vulnerability, even if presented as a troubleshooting step. While there's no clear evidence of intentional data exfiltration or system compromise, these behaviors represent a meaningful high-risk capability and a subversion of user control.