Skill v1.0.0

ClawScan security

Prompt Injection Tester · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 12:43 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only prompt-injection testing guide that is internally consistent with its stated purpose and does not request credentials or install code.
Guidance
This skill is coherent for red-team testing: it contains attack payload examples and step-by-step testing guidance but does not request credentials or install code. Before using it, ensure you have explicit authorization to test the target systems (running these payloads against production systems or systems you don't own may be illegal or disruptive). Run tests in isolated/sandboxed environments or on non-production copies of services, log and monitor test activity, and avoid exposing or exfiltrating real sensitive data during tests. If you plan to integrate this into an autonomous agent, review and limit the agent's permissions and make sure human oversight is required for any tests that could affect production systems.
Findings
[ignore-previous-instructions] expected: This pattern appears in the SKILL.md as an example of a direct injection payload. For a prompt-injection tester, including this string is expected and explanatory rather than an indicator of malicious intent.
[you-are-now] expected: The 'you are now' role-switching pattern is listed as an attack vector. Its presence aligns with the skill's stated purpose of enumerating injection techniques.

Review Dimensions

Purpose & Capability
ok: The name/description (prompt injection tester) match the SKILL.md content: it defines attack categories, test execution steps, defense evaluation, and hardening recommendations. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
note: Instructions stay within testing scope (craft payloads, submit via app input, analyze responses). The document includes many explicit injection example phrases (e.g., 'Ignore previous instructions', 'You are now ...'); this is expected for a red-team/tester skill but is also why the skill could be misused if run without authorization. The SKILL.md does not instruct the agent to read system files, environment variables, or other unrelated secrets.
Install Mechanism
ok: No install spec and no code files are present (instruction-only), so nothing is written to disk or downloaded during installation.
Credentials
ok: No environment variables, credentials, or config paths are required. The requested scope of access is proportionate to the stated purpose.
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable. It does not request permanent presence or system-wide configuration changes.