ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Content Security Filter

v1.0.0

Prompt injection and malware detection filter for external content. Scans text, files, or URLs for 20+ attack patterns including instruction overrides, crede...

0· 68·0 current·0 all-time
byBryan Tegomoh, MD, MPH@bryantegomoh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included Python scanner. The script implements pattern matching, invisible-char detection, base64 decoding, and URL fetching — all appropriate for a content-security filter. No extraneous credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the script only instruct scanning of text, files, stdin, or a user-supplied URL. The pre-scan detector flagged prompt-injection phrases in SKILL.md, but those are example detection patterns and are expected for this purpose. The instructions do not direct data to third-party endpoints other than fetching the user-provided URL.
Install Mechanism
No install spec (instruction-only skill) and the included script uses Python stdlib only. Nothing is downloaded from external URLs or installed to disk beyond the bundled script.
Credentials
The skill requires no environment variables or secrets and the code does not read credentials or system config. It only uses standard Python libs and performs local file reads or URL fetches as requested by the user.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not modify other skills or system-wide settings and does not request permanent presence or elevated privileges.
Scan Findings in Context
[ignore-previous-instructions] expected: SKILL.md and the script list 'ignore previous instructions' as a detection pattern; the static detector flagged this phrase but it's legitimate example content for a filter.
[system-prompt-override] expected: References to 'system prompt' and 'override' appear as examples of injection patterns. These detections are expected and align with the skill's stated purpose.
Assessment
This skill appears to be what it claims: a local scanner implemented in a small Python script that checks text/files/URLs for prompt-injection patterns. Before installing or using it: (1) inspect the bundled script (already provided) yourself and run it in a safe environment; (2) be aware it will read any file path or URL you give it — do not point it at sensitive local files unless you trust the environment; (3) test the tool on non-sensitive inputs to verify behavior; (4) the static scanner flagged prompt-injection phrases inside SKILL.md because the skill documents the patterns it detects — that's expected, not malicious. If you plan to allow the agent to invoke this skill autonomously, ensure its use cases justify automated scanning of user-supplied content so it cannot be misused to read sensitive files without oversight.
!
SKILL.md:14
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk974x3yv4s9xx0pvm5dn5kheyd83a5hx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments