Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Massat Security Audit

v1.0.0

Security audit for multi-agent AI systems - OWASP ASI01-ASI10

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes a MASSAT/BlindOracle network-based audit service and the shown curl examples align with that purpose. However the skill metadata in the runtime instructions declares file_read permission (but the examples never show reading local files), and the registry metadata lists no required env vars while the service requires an ecash payment header for paid audits. The missing homepage/source and an opaque owner ID are additional provenance gaps.
Instruction Scope
The instructions are narrow: POST a target repo URL to an external API and receive an audit report. They do not instruct reading unrelated system files or environment variables. That said, the declared permission set (network + file_read) is broader than what the examples use, and some claims (e.g., 'validate Microsoft AGT runtime governance') are vague and not mapped to concrete steps.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes on-disk footprint and install-time risk.
Credentials
Registry declares no required env vars, yet the SKILL.md requires a payment header (X-Payment: x402) for full audits. The skill also declares file_read permission without showing why it is needed. Sending repository URLs or potentially uploading code to an external endpoint (craigmbrown.com) is sensitive — the skill requests network access and possibly file reads that could expose secrets if the implementation were to upload or read local repos.
Persistence & Privilege
always is false and there is no install-time persistence. Autonomous invocation is allowed (platform default) but not combined with other high privileges in the manifest.
What to consider before installing
This skill is an instruction-only wrapper around an external audit API (craigmbrown.com / BlindOracle). Before installing:
1) Confirm the vendor (craigmbrown) and service reputation and review the privacy policy — the skill will send targets (repo URLs) over the network and could expose code or metadata.
2) Clarify payment handling: who provides the X-Payment token, how it's stored, and whether it should be supplied via a secure env var rather than embedded.
3) Ask why file_read permission is declared and whether the skill will ever read or upload local repositories or files; avoid giving it access to sensitive local repos unless necessary.
4) Test on non-sensitive or public repos first.
If you need stronger assurance, request a signed provenance (homepage, source repo, or contact) and an explicit explanation of what data is transmitted to the external API.

Like a lobster shell, security has layers — review code before you run it.

latest vk97b414mez1562a9jq5k2xzjx984921d
