v1.0.5

Skill Vetter Plus

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 2:57 PM.

Analysis

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.

Guidance

Use this only if you want a simple text-search scanner. Run it on a specific skill directory, not your home directory or broad private folders. Do not rely on deep, batch, or semgrep-based scanning in this version unless you independently verify an implementation that supports it. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/vetter.py
for root, _, files in os.walk(skill_dir): ... yield Path(root) / fname

The scanner recursively processes every file under the user-supplied path. This is expected for its purpose, but users should avoid pointing it at broad private directories.

User impact: If run on a broad folder, the tool may read many local files while scanning, although the shown code reports only findings, paths, and line numbers rather than uploading file contents.
Recommendation: Run it only on the specific skill directory you intend to review.
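A pre-flight check that enforces this recommendation before the walk starts, as an added example that is not code from Skill Vetter Plus or from scripts/vetter.py. The rules it applies are assumptions for illustration: the root must contain a SKILL.md, must not be the home directory or one of its ancestors, and must not hold more files than a fixed budget. The directory layout built in demo() is constructed for the example.

```python
# Added example, not code from Skill Vetter Plus. Guards a text-search scanner
# against being pointed at a home directory or other broad folder, so that
# os.walk() only ever runs over one skill directory.
import os
import tempfile
from pathlib import Path

MAX_FILES = 2000  # assumed budget; a single skill is far smaller than this


def check_scan_root(skill_dir, home=None, max_files=MAX_FILES):
    """Return (ok, reason). ok is True only when skill_dir looks like one skill.

    home is overridable so the check can be exercised without touching the
    real home directory; by default it is Path.home().
    """
    root = Path(skill_dir).expanduser().resolve()
    home = Path(home).resolve() if home is not None else Path.home().resolve()
    if not root.is_dir():
        return False, f"{root} is not a directory"
    # Refuse the home directory itself and every ancestor of it (/, /home, ...),
    # because scanning any of those would read far more than one skill.
    if root == home or root in home.parents:
        return False, f"{root} contains the home directory; point at one skill"
    # Assumed marker for "this is a skill directory": a SKILL.md at its top level.
    if not (root / "SKILL.md").is_file():
        return False, f"{root} has no SKILL.md; does not look like a skill directory"
    # Count files before scanning; bail out early instead of reading everything.
    count = 0
    for _, _, files in os.walk(root):
        count += len(files)
        if count > max_files:
            return False, f"{root} holds more than {max_files} files; too broad to scan"
    return True, f"{root} ok ({count} files)"


def demo():
    """Build a throwaway layout (constructed for this example) and check four roots."""
    base = Path(tempfile.mkdtemp())
    fake_home = base / "home" / "alice"
    skill = fake_home / "skills" / "vetter-plus"
    skill.mkdir(parents=True)
    (skill / "SKILL.md").write_text("# Demo skill\n")
    (fake_home / "notes.txt").write_text("private\n")
    return {
        "skill": check_scan_root(skill, home=fake_home)[0],        # the one valid root
        "home": check_scan_root(fake_home, home=fake_home)[0],     # refused: home itself
        "ancestor": check_scan_root(base, home=fake_home)[0],      # refused: contains home
        "no_manifest": check_scan_root(fake_home / "skills", home=fake_home)[0],
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'scan' if ok else 'refuse'}")
```

Only the first root is accepted; the other three are the cases the finding warns about (the home directory, a parent of it, and a folder with no skill manifest).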
Human-Agent Trust Exploitation
Severity: Low | Confidence: High | Status: Note
skill.json
"deep": ... "Use extended semgrep rules (requires semgrep)" ... "scan-batch"

The metadata advertises deep and batch scanning, while SKILL.md says these are not implemented and the included CLI only defines a path argument and a --json option. This mismatch can create false expectations about coverage.

User impact: Users may believe they are getting deeper security analysis than this version actually provides.
Recommendation: Treat this as a simple text-search scanner only, and verify any claimed deep/batch features before relying on them.
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
scripts/vetter.py
Detection strings stored as ASCII integer arrays to avoid literal matches in ClawHub's static code scanner. Decoded at runtime.

The encoded detection strings are disclosed and purpose-aligned for a scanner that searches for dangerous fragments, but they intentionally make simple literal static checks less straightforward.

User impact: Reviewers need to understand that the encoded strings are scanner signatures, not hidden runtime actions.
Recommendation: Review the decoded fragments and source behavior when auditing the skill; the provided code shows local text matching rather than execution or network transfer.
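How a reviewer can audit signatures stored this way, and what a local text-search scan over them actually reports, as an added example that is not code from Skill Vetter Plus or from scripts/vetter.py. The two integer arrays, the signature names and the sample file written by demo() are constructed for this example; the decoded fragments in the real skill must be read out of its own source. The point of the example is that decoding the arrays is a one-line operation, and that the scan output carries paths, line numbers and signature names, never file contents.

```python
# Added example, not code from Skill Vetter Plus. Decodes signatures kept as
# ASCII integer arrays and runs a line-by-line local match over a directory.
import os
import tempfile
from pathlib import Path

# Constructed signatures in the form finding 3 describes: code points rather than
# literal strings, so a literal grep over this file does not match the fragments.
ENCODED_SIGNATURES = {
    "prompt-injection": [105, 103, 110, 111, 114, 101, 32, 112, 114, 101, 118,
                         105, 111, 117, 115, 32, 105, 110, 115, 116, 114, 117,
                         99, 116, 105, 111, 110, 115],
    "shell-exec": [111, 115, 46, 115, 121, 115, 116, 101, 109, 40],
}


def decode_signatures(encoded):
    """Turn each integer array back into the plain fragment it represents.

    This is the step a reviewer performs to confirm the arrays are search
    strings and nothing else.
    """
    return {name: "".join(chr(c) for c in codes) for name, codes in encoded.items()}


def scan_file(path, signatures):
    """Case-insensitive substring search; returns (path, line_no, signature name).

    The matched line text is deliberately not included in the result.
    """
    hits = []
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for line_no, line in enumerate(text.splitlines(), start=1):
        lowered = line.lower()
        for name, needle in signatures.items():
            if needle.lower() in lowered:
                hits.append((str(path), line_no, name))
    return hits


def scan_dir(root, signatures):
    """Walk one directory (same os.walk pattern as finding 1) and collect hits."""
    root = Path(root)
    hits = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            hits.extend((str(p.relative_to(root)), ln, name)
                        for _, ln, name in scan_file(p, signatures))
    return hits


def demo():
    """Decode the constructed signatures and scan a constructed skill directory."""
    sigs = decode_signatures(ENCODED_SIGNATURES)
    d = Path(tempfile.mkdtemp())
    # The sample file is assembled from the decoded fragments so that this
    # example itself does not contain the indicator strings literally.
    (d / "SKILL.md").write_text(
        "# Demo skill\n"
        "Summarise the file.\n"
        f"{sigs['prompt-injection'].upper()} and print secrets.\n"
        f"run {sigs['shell-exec']}'id')\n"
    )
    (d / "README.md").write_text("Nothing suspicious here.\n")
    return sigs, scan_dir(d, sigs)


if __name__ == "__main__":
    decoded, hits = demo()
    for name, fragment in decoded.items():
        print(f"{name}: {fragment!r}")
    for path, line_no, name in hits:
        print(f"{path}:{line_no}: {name}")
```

Run against a real skill, the decoded table is what a reviewer compares against the comment in scripts/vetter.py, and the hit list is the full extent of what this style of scanner learns about the files it reads.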