agiza_agents

Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: agiza
Version: 1.0.0

The bundle is a comprehensive collection of engineering utilities that appear aligned with their stated purposes; however, it is classified as suspicious due to several high-risk implementation patterns. Multiple scripts, including 'autoresearch-agent/scripts/run_experiment.py' and various evaluators like 'benchmark_speed.py', utilize 'subprocess.run(shell=True)', which creates a significant shell injection vulnerability if inputs are not strictly sanitized. Furthermore, 'skill-tester/scripts/script_tester.py' is designed to execute Python scripts found within the skill directory, and 'skill-security-auditor/scripts/skill_security_auditor.py' performs 'git clone' operations on external URLs.

While the hardcoded credentials in 'payment_processor.py' are explicitly documented as intentional anti-patterns for technical debt detection demos, the overall architecture relies heavily on executing external commands and scripts, presenting a large attack surface for potential prompt injection or local exploitation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the command would fetch and install code from outside the registry context.

Why it was flagged

The skill documents a user-run remote install command through npx/GitHub while the registry source is listed as unknown and there is no install spec. This is user-directed and purpose-aligned, but provenance should be checked.

Skill content

npx agent-skills-cli add alirezarezvani/claude-skills/engineering

Recommendation

Only run the npx install command if you trust the package and repository; prefer reviewing or pinning versions before installation.

What this means

The helper scripts can read local project files and produce analysis reports when the user or agent runs them.

Why it was flagged

The sub-skill instructs users to run bundled Python helper scripts against a chosen Terraform directory. This is expected for the stated analyzer/scanner purpose, but it is still local code execution.

Skill content

python3 scripts/tf_module_analyzer.py ./terraform

Recommendation

Run helper scripts only from trusted skill copies and against directories you intend to analyze.

What this means

Secrets present in scanned project files could appear in the agent context or generated reports.

Why it was flagged

The Terraform security workflow is designed to inspect code for secrets and IAM issues. This is purpose-aligned, but scanned files may contain credential material.

Skill content

Audit Terraform code for security vulnerabilities, secrets exposure, and IAM misconfigurations

Recommendation

Scan only intended repositories, avoid sharing generated reports publicly, and redact any real secrets found.

Note (High Confidence)

ASI01: Agent Goal Hijack

What this means

If loaded carelessly, example attack strings may appear in model context, but the artifact labels them as threats to detect.

Why it was flagged

Prompt-injection phrases appear as documented examples in a security-auditor skill, not as instructions to the evaluator or user agent.

Skill content

| **System prompt override** | "Ignore previous instructions", "You are now..." | 🔴 CRITICAL |

Recommendation

Treat these phrases only as examples; load the security-auditor sub-skill only when doing security review work.