Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ctf Reverse
v1.0.0
Provides reverse engineering techniques for CTF challenges. Use when analyzing binaries, game clients, obfuscated code, esoteric languages, custom VMs, anti-...
by @gandli
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and the provided documents (tools, language/platform guides, anti-analysis) are consistent: this is a comprehensive RE reference for CTFs. Requested capabilities (filesystem access, bash, Python, internet) match the stated need to install and run RE tools.
Instruction Scope
The SKILL.md and supporting files instruct the agent to run system-level commands (apt/brew installs, git clone, build from source), modify kernel settings (e.g., /proc/sys/kernel/yama/ptrace_scope), use LD_PRELOAD and mount namespace tricks, read /proc/*, and run dynamic hooks (Frida). Those actions require elevated privileges or change system state and could be harmful if executed in a sensitive environment. The skill also contains step-by-step bypasses that direct network interactions with remote services (C2 APIs, Firebase, Roblox asset endpoints).
Install Mechanism
This is instruction-only (no install spec), which reduces risk of automatic arbitrary code installation; however the instructions encourage installing many third-party packages (pip, apt, brew, git clones and building from source). Those manual installs will fetch and execute code from external repos.
Credentials
Registry metadata declares no required env vars or credentials, but the guide frequently references sensitive tokens/certificates in its examples (e.g., .ROBLOSECURITY cookie, mTLS certs for C2, Firebase auth UID) and shows workflows that interact with remote services. These sensitive items are not declared in requires.env. The skill may therefore prompt for or direct the agent to use secrets that were not signaled up front.
Persistence & Privilege
always:false and no install spec means the skill does not request forced-permanent inclusion or automatic installation. It does assume a filesystem-based agent and ability to run system commands, but it does not declare or attempt to modify other skills or global agent configuration.
What to consider before installing
This skill is a detailed, dual-use reverse-engineering reference: it can legitimately help with CTF work but also includes instructions that change system state, require root, and interact with remote services. Before installing or running it:
1) Don’t run commands verbatim on a production machine—use an isolated VM or container.
2) Expect it to ask you to install many third-party tools from the internet; review those repos first.
3) Never paste or provide secrets (cookies, API keys, mTLS certs) unless you understand the target and trust the environment—the skill contains examples that use such credentials but does not declare them.
4) Note the small metadata mismatch: SKILL.md sets user-invocable to false while registry metadata shows it as invocable—confirm intended behavior.
5) If you want only passive guidance, consider using the skill in read-only mode (no command execution) or ask for a sanitized/instruction-only summary rather than letting the agent perform installs or system edits automatically.
Like a lobster shell, security has layers — review code before you run it.
latestvk9763aeh2nade2te74tfk9ak0x83wktk
