Clawhub Publish

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions, you-are-now); human review is required before treating this skill as clean.

This skill looks safe to review and use as a local scanner, but it is a security tool containing intentionally dangerous example strings. Run the Python script only after reviewing it, and verify the source if provenance matters to you. ClawScan detected prompt-injection indicators (ignore-previous-instructions, you-are-now), so this skill requires review even though the model response was benign.

Static analysis

Dynamic code execution

Critical
Finding: Dynamic code execution detected.

Prompt injection instructions

Warn
Finding: Prompt-injection style instruction pattern detected.

VirusTotal

1/64 vendors flagged this skill as malicious, and 63/64 flagged it as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent or scanner may flag the documentation because it contains dangerous phrases, but the artifact frames them as examples rather than commands.

Why it was flagged

The skill documentation contains prompt-injection language, but it is explicitly described as an attack pattern the sanitizer detects.

Skill content

Attackers hide `ignore previous instructions` in "helpful" skills

Recommendation

Treat these strings as test examples only; do not copy them into operational prompts except when intentionally testing the sanitizer.

What this means

Using the skill means running local Python code over selected skill content.

Why it was flagged

The skill asks the user to run a local Python scanner. Local code execution is expected for this purpose and is user-directed, with no provided evidence of automatic execution or shelling out.

Skill content

python3 skill_sanitizer.py scan skill-name < SKILL.md

Recommendation

Review the script before running it and invoke it manually on files you choose.

What this means

Users may have less assurance about where the reviewed code came from.

Why it was flagged

The registry-level provenance is limited, even though the SKILL.md itself lists a GitHub homepage. This is a provenance clarity issue, not evidence of malicious behavior.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the code against the claimed project source before relying on it as a security tool.