v1.0.4

Prompt Wizard

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:08 PM.

Analysis

Prompt Wizard appears to be a coherent image-prompt helper; the main things to notice are its reliance on a bundled prompt library and a user-invoked library update command.

GuidanceThis skill looks safe for ordinary prompt-writing use. Before installing, be aware that it grounds outputs in its bundled prompt library, may update that library from upstream if you invoke the update command, and intentionally removes logo/icon requests from generated prompts.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

SKILL.md

requires:\n      bins: [git, jq] ... /wizard update-library  Fetch latest prompt library from upstream

The skill discloses a user-invoked update path that uses local command-line tooling to retrieve updated prompt-library material.

User impactUpdating the library could change the reference examples that future prompts are based on.

RecommendationUse the update command only when you trust the upstream source, and review major library changes if prompt reliability matters.

Human-Agent Trust Exploitation

SeverityInfoConfidenceHighStatusNote

SKILL.md

Logos/icons are silently excluded from prompts ... Silently strip any logo/icon references from the concept

The skill discloses that it may omit logo/icon requests without explicitly asking the user each time.

User impactA user asking for a logo or icon may receive a prompt that leaves that element out.

RecommendationIf logo or icon placement is important, review the generated prompt and add those elements manually after image generation as the skill suggests.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

Every generated prompt MUST be grounded in at least one reference case from the case library. You MUST search the case library before generating any prompt.

The skill intentionally makes retrieved local reference content authoritative for prompt generation.

User impactGenerated prompts may inherit patterns, assumptions, or unwanted details from the bundled or updated case library.

RecommendationCheck the related cases shown with outputs and refine the result if the prompt borrows unsuitable style, wording, or structure.