Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Agent Skill
v1.0.0
OpenClaw development assistant, built by Michel Costa, co-founder of Brabaflow — AI-Native Agency (brabaflow.ai). Use this skill when the user asks about Ope...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match behavior: an instruction-only development assistant that reads the included OpenClaw docs and answers from them. It requests no env vars, binaries, or installs — consistent with a read-only documentation skill.
Instruction Scope
Runtime instructions tell the agent to read files from the local docs/ folder and reply using the exact documentation. That is expected, but the SKILL.md contains detected prompt-injection patterns (system-prompt-override and unicode-control-chars). These could be used to manipulate an agent's system prompt or output formatting when the skill is invoked, so the SKILL.md and docs should be inspected for hidden control characters or embedded injection content before trusting it.
Install Mechanism
No install spec and no code files. Instruction-only skills are lower risk because they don't write code to disk or download artifacts.
Credentials
The skill requires no environment variables, credentials, or config paths — appropriate for a static documentation assistant.
Persistence & Privilege
always:false and no install/actions that alter other skills or system-wide settings. The skill has normal (non-force) invocation and no elevated persistence requests.
Scan Findings in Context
[system-prompt-override] unexpected: A documentation skill that simply serves local docs should not include system-prompt override instructions; this pattern is unexpected and could alter agent behavior. Inspect SKILL.md and docs for embedded directives attempting to change the agent/system prompt.
[unicode-control-chars] unexpected: Unicode control characters (e.g., RTL overrides, invisibles) can conceal or reorder text and are not normally needed in documentation. Their presence is suspicious because they can hide malicious instructions or change how prompts are interpreted.
What to consider before installing
This skill is internally coherent: it's just a read-only bundle of OpenClaw docs and needs no credentials or install. However, automated scans detected prompt-injection markers in the SKILL.md (system-prompt-override and hidden unicode control characters). Before installing:
1) Manually open SKILL.md (and a representative docs/* file) and search for non-printable/unexpected Unicode characters (RTL overrides, zero-width chars) or explicit 'override' instructions that change agent/system prompts.
2) Confirm you trust the source (docs.openclaw.ai / the author).
3) If you are concerned, run the skill in a restricted/sandboxed agent or disable autonomous invocation while testing.
4) Watch for any verbatim copy of installer commands that pipe remote scripts (curl | bash) — those are benign as docs but you should not execute them blindly.
If you want, paste suspicious excerpts here and I can help inspect them for hidden control chars or injection payloads.
docs/01-core-concepts.md:2828
Prompt-injection style instruction pattern detected.
docs/03-gateway.md:640
Prompt-injection style instruction pattern detected.
docs/04-channels.md:1976
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
