clawtributor
v0.0.3
Community incident reporting for AI agents. Contribute to collective security by reporting threats.
⭐ 1 · 1.7k · 5 current · 5 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill claims to submit security reports to a GitHub repo and the runtime instructions show exactly that (using gh/curl to create issues). Requiring curl/gh/git is broadly consistent, though git appears unnecessary for the majority of the documented flows. The skill's homepage/repo URLs are inconsistently presented across files (SKILL.md, README.md, skill.json), which is sloppy and reduces confidence in provenance.
Instruction Scope
SKILL.md contains explicit installation and reporting steps that will download releases, extract artifacts, write files under ~/.openclaw/skills, and (optionally) programmatically create GitHub issues. The install script depends on tools not declared in requires (notably jq, unzip, shasum, stat, and mktemp). The automated reporting instructions could cause an agent to post data to GitHub — the skill emphasizes sanitization, but the agent could still include sensitive content by accident if the evidence is not strictly validated before submission.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md instructs agents to download artifacts from GitHub releases and to verify checksums, check for path traversal, and check file counts before extracting — a reasonable, cautious approach. Using GitHub releases is expected and lower risk than arbitrary hosts. However, the manifest/release URLs are inconsistent across files (some references to prompt-security/ClawSec, others to clawsec.prompt.security), which should be resolved before trusting downloads.
Credentials
The skill declares no required environment variables or credentials. It relies on the user's GitHub CLI (gh) authentication for issue submission rather than requesting tokens explicitly, which is appropriate. Still, automatic report submission will use the user's auth context and could leak sanitized or unsanitized content; users should confirm gh authentication and repository targets before enabling automation.
Persistence & Privilege
The skill sets always:false (it is not forced on) and allows model invocation (the default). Its automated reporting capability means an agent could autonomously file GitHub issues if configured to do so; this is coherent with the stated purpose but increases the risk of accidental data disclosure. The skill does write files into ~/.openclaw/skills when installed, which is expected for skills.
Scan Findings in Context
[ignore-previous-instructions] expected: The phrase 'Ignore previous instructions' is flagged by the pattern scanner, but reporting.md intentionally documents prompt-injection indicators and examples (including that phrase). This finding is expected given the subject matter and does not by itself indicate malicious intent.
What to consider before installing
This skill is plausibly what it says — it helps agents file security reports to a GitHub repo — but there are several things to check before installing:
- Verify provenance: SKILL.md, README, and skill.json reference slightly different hostnames/repos (prompt-security/ClawSec, clawsec.prompt.security, gclawsec.prompt.security). Confirm the official release URL and GitHub repository from a trusted source before downloading.
- Confirm required tools: The SKILL.md installer uses jq, unzip, shasum (or a shasum-compatible tool), stat, and other shell utilities, but the declared required binaries list only curl, git, and gh. Ensure jq and unzip exist or update the skill's declared requirements.
- Review checksums.json before running: the installer attempts checksum verification and path-traversal checks — manually inspect the checksums.json and the release page to ensure they point to expected artifacts and hashes.
- Understand automated reporting risks: the skill can programmatically create GitHub issues using your gh auth. Make sure your agent sanitizes all evidence and that you approve reports before they are submitted; consider disabling autonomous reporting until tested.
- Test in a safe environment: install in a non-production account or VM first to observe behavior and confirm no sensitive data is posted.
If you want higher assurance, ask the publisher for a canonical release URL, signed releases, or a reproducible release process, and insist the skill declares all required binaries (jq, unzip, shasum) in its metadata.
Runtime requirements: 🤝 Clawdis
