Corlious
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
This skill looks safe to use as a cooking advice prompt. The main things to notice are the inconsistent package naming and the single removed Unicode control character; neither is evidence of malicious behavior here, but they are worth checking if you rely on package provenance. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill appears to be the advertised cooking assistant, but the naming mismatch could make it harder to confirm exactly what package was installed.
The skill identity is inconsistent across provided artifacts. This is not evidence of harmful behavior, but it is a provenance/packaging inconsistency users may want to recognize.
Registry metadata: Name: Corlious, Slug: nongshet; SKILL.md: name: Chef; _meta.json: "slug": "chef"
Before installing, confirm that the registry entry, displayed skill name, and package metadata are expected to refer to the same cooking skill.
There is no visible harmful instruction, but hidden or unusual formatting characters can make source text harder to review.
A Unicode control character was present in the source and removed during neutralization. Such characters can sometimes affect how text is displayed, but the visible instructions do not show deception or unsafe behavior.
"controlCharactersRemoved": 1
Prefer a cleaned version of the skill text without control characters, and verify that the rendered instructions match the raw source.