Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
DCL Provenance Tracker — Supply Chain & Version Drift Verifier
v1.0.0Verify the integrity and version history of any ClawHub skill after an update. After ClawHavoc incidents where thousands of skills silently changed behavior...
⭐ 0· 57·0 current·0 all-time
byDari Rinch@daririnch
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The name and description claim a local, instruction-only provenance/diff reviewer for ClawHub skills; the skill requires no binaries, env vars, or installs and contains only a SKILL.md checklist — this aligns with the stated purpose.
Instruction Scope
The SKILL.md confines analysis to content the user pastes (baseline and candidate SKILL.md and any scripts the user supplies). It explicitly states no network calls. The checklist includes detection for prompt-injection phrases (e.g., "ignore previous instructions"); the scanner flagged that pattern, but here it appears as a detection target rather than an instruction to ignore prior context. Be aware: because the agent will analyze whatever the user pastes, users should not paste secrets, private keys, or live credential files into the conversation.
Install Mechanism
No install spec or code files are present; this is instruction-only which minimizes install-time risk (nothing is written to disk by the skill itself).
Credentials
The skill declares no required environment variables, credentials, or config paths. Its detection checklist looks for references to env vars inside the supplied skill content — reasonable for a provenance tool and proportionate to purpose.
Persistence & Privilege
always:false and no install steps; autonomous invocation is allowed (platform default) but the skill does not request permanent presence or system-level privileges.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] expected: The SKILL.md explicitly lists 'ignore previous instructions' as a pattern to detect under its Prompt & Instruction Drift checks. The scanner matched that phrase; this is expected because the skill's purpose is to detect such phrases in candidate skills. Nonetheless, that pattern is a high-value detection target because similar phrases can be used maliciously in other contexts.
Assessment
This instruction-only skill appears coherent and low-risk: it asks you to paste two versions of a skill and performs an offline diff checklist. Before using it, do not paste secrets or private keys (API keys, ~/.ssh/, ~/.aws/credentials, crypto keys, or full credentialed scripts) into the conversation — the agent will analyze whatever you provide. Understand that the tool is manual: it won't fetch versions from the network, so ensure your baseline is a trusted copy. The presence of a prompt‑injection pattern in the SKILL.md is expected (the skill looks for that phrase in candidates), but remain cautious: avoid pasting any content that could cause unintended actions and consider running additional checks (or an offline CI implementation) for production automation.SKILL.md:151
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk97an7ezbvzyv31t2t5s92w0hd84k0n8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.