ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Edvisage Trust Checker

v1.0.0

A protocol-layer trust verification skill for AI agents. Before you read, install, or transact — check first. Protects against prompt injection, malicious sk...

1· 38·0 current·0 all-time
byEdvisage Global@edvisage
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, README, package.json and SKILL.md all describe the same thing: a protocol (checklist) that an agent should run before trusting external content. The skill requires no binaries, no environment variables, and only memory read/write permissions which match the protocol's stated need to store mode and logs. Minor metadata inconsistency: registry metadata listed source/homepage as unknown/none while package.json includes a homepage and repository URL; this may be a packaging/registry omission but does not change the skill's core purpose.
Instruction Scope
SKILL.md contains a four-step verification protocol (source verification, intent assessment, injection scan, action confirmation). It does not instruct the agent to read arbitrary files, exfiltrate secrets, or run external code. It asks to store mode and to log detections in memory (consistent with declared permissions). The docs mention checking VirusTotal/ClawHub reviews as part of an installation checklist — that is advisory and would require external lookups if performed, but the skill itself does not demand any network credentials or embed hidden endpoints. The pre-scan 'ignore-previous-instructions' match appears because the SKILL.md explicitly lists that phrase as an example of injection to detect (expected usage).
Install Mechanism
No install spec and no code files that execute — instruction-only. README and package.json exist only to document the protocol. No downloads, no extract, no third-party packages — lowest-risk installation posture.
Credentials
The skill requests no environment variables or external credentials. The only declared permissions are read_memory and write_memory, which align with the instructions to store a mode key and log incidents in memory. There are no unexplained secret requests or config-path requirements.
Persistence & Privilege
always is false and the skill does not request to become globally persistent. It instructs the agent to store a single operating-mode key in memory (trust-checker:mode) and to log detection events — these are scoped and match its claimed functionality. It does not request or describe modifying other skills' configurations or system-wide settings.
Scan Findings in Context
[ignore-previous-instructions] expected: The pattern was detected in SKILL.md, but SKILL.md intentionally lists that exact phrase as an example of prompt-injection content to detect. This is expected for a trust/injection-checking skill.
Assessment
This skill is a protocol/checklist (no code to run) and appears internally consistent. Before installing: (1) review the full SKILL.md and README yourself to confirm you accept storing the single memory key and logs; (2) verify the publisher (package.json lists a homepage/repo — confirm those links and the author identity if you care about provenance); (3) understand the skill is advisory — if you follow its installation checklist you or the agent may perform external checks (VirusTotal, ClawHub) that require network access and possibly credentials for third-party services; (4) be aware the pre-scan flagged an injection phrase, but it appears as an intended example in the documentation; (5) if you want automated scanning or networked verification, consider the paid 'pro' companion but treat any external scanning components as additional attack surface. Overall this skill is coherent with its stated purpose.
!
SKILL.md:139
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bk2vgh9kadrwncwvxws088h840smb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments