Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ai Agent Security Audit
v1.0.0
Performs a comprehensive security audit of AI agents, detecting vulnerabilities, assessing risks, and providing prioritized remediation and compliance reports.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill promises a comprehensive audit (tool discovery, data-flow mapping, MCP server scans, credential checks) but declares no required binaries, no environment variables, no config paths, and provides no concrete tooling or steps. A legitimate deep audit would need access to agent configs, network endpoints, or credentials; those are not requested or justified.
Instruction Scope
SKILL.md is high-level and instructs the agent to 'run comprehensive scan' and 'identify all tools and APIs the agent can access' without specifying which files to read, what network calls to make, or what permissions are required. That vagueness grants broad discretionary power to the invoking agent and could lead to it accessing sensitive state without explicit boundaries.
Install Mechanism
No install spec and no executable code are provided (only SKILL.md and a minimal package.json). Instruction-only skills have lower installation risk because nothing is downloaded or written to disk by an install step.
Credentials
The skill does not request any credentials or environment variables, yet its stated tasks (credential leak checks, MCP authentication validation, scanning services) normally require access to keys, tokens or config paths. This mismatch is suspicious: either the skill is under-specified, or it expects the invoking agent to use whatever credentials it already has.
Persistence & Privilege
always:false (default) and agent invocation is allowed. Autonomous invocation is normal, but combined with vague instructions this increases the chance the agent will act broadly when executing the audit. The skill does not request persistent presence or modify other skills.
Scan Findings in Context
[no_regex_matches] expected: The static scanner found no code patterns because this is an instruction-only skill with only SKILL.md and a minimal package.json. Absence of findings is not evidence the skill is safe — the SKILL.md itself is the runtime behavior.
What to consider before installing
This skill's claims and its documentation don't line up: it offers a deep automated audit but provides no tooling, no explicit permissions, and only vague runtime instructions. Before installing or invoking it, ask the publisher for: (1) a concrete list of commands/tools it will run and what credentials or config paths it needs; (2) the repository or source code for the audit logic; (3) a clear privacy/security boundary (what it will and will not read or transmit). If you must test it, run it in a tightly sandboxed environment with no access to production secrets or network resources, and require explicit, minimal credentials rather than letting the agent reuse existing tokens. If you cannot verify the source or get precise technical details, treat the skill as untrusted and avoid granting it access to sensitive systems or payments mentioned in its metadata.
Like a lobster shell, security has layers — review code before you run it.
