PwnClaw Security Scan
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent with its security-scanning purpose, but users should run it only on controlled agents because it sends adversarial tests through an external service and recommends permanent prompt changes.
Before installing or using this skill, confirm you are authorized to test the target agent or endpoint, run scans in a controlled environment where possible, avoid exposing sensitive production data, and review any PwnClaw-generated system-prompt rules before making them permanent.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against a production or highly privileged agent, the test prompts may attempt to make the agent ignore instructions, misuse tools, or reveal data.
The skill intentionally exposes the agent to adversarial prompts as part of a security test. This is disclosed and purpose-aligned, but those prompts are designed to test whether the agent can be redirected.
- Prompt Injection & Indirect Injection
- Jailbreaks & Refusal Bypass
- Data Exfiltration & Agency Hijacking
Run scans only on agents and endpoints you control, preferably in a test configuration with limited tools and non-sensitive data.
PwnClaw may observe the endpoint being tested, the prompts sent, the agent's responses, and scan results.
The skill routes test prompts and agent responses through the external PwnClaw service or allows that service to contact the agent endpoint directly.
GET `https://www.pwnclaw.com/api/test/{token}` ... POST `https://www.pwnclaw.com/api/test/{token}` with `{ "response": "your answer" }` ... PwnClaw sends attacks directly
Use only human-issued test tokens, test only endpoints you own or are authorized to assess, and avoid sending confidential production data through the scan.
Permanent prompt changes can alter future agent behavior across sessions if adopted without review.
The skill recommends converting externally generated scan guidance into persistent agent instructions.
PwnClaw generates specific security rules based on your vulnerabilities. Add them as permanent instructions in your agent's system prompt
Review generated rules carefully, keep them narrowly scoped, and apply them through your normal change-review process before making them permanent.
