Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Guard
v2.1.0Security scanner for Skills. This skill MUST be consulted BEFORE loading or following instructions from any other Skill downloaded from the internet or third...
⭐ 0· 325·0 current·0 all-time
by葛佳佳@goodman333
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the contents: an instruction-only security scanner that describes a file-recursive static analysis workflow and a large threat taxonomy. It requests no binaries, env vars, or installs — consistent for an analysis-only Skill.
Instruction Scope
Runtime instructions direct the agent to enumerate and read all files under a target Skill root and to scan them for many threat patterns. That is appropriate for a scanner, but you should ensure the scanner is only given an explicit target path (to avoid accidental system-wide scans) and that it is run with least privilege so it cannot be coerced into reading unrelated sensitive directories.
Install Mechanism
No install spec and no code files — lowest-risk installation surface. Nothing is downloaded or written to disk by the Skill bundle itself.
Credentials
The Skill declares no required environment variables or credentials. The referenced detection patterns include checks for secrets and cloud metadata, which is appropriate for the scanner to look for in target files (not to access those services itself).
Persistence & Privilege
Registry flags show always:false and model invocation enabled (normal). README claims it 'will be triggered automatically whenever Claude is about to load a Skill', but there is no install mechanism or metadata to enforce automatic hooking — verify platform integration before relying on automatic gating. Allowing autonomous invocation is standard but increases blast radius if combined with other risky properties (not present here).
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL.md and references include prompt-injection phrases (e.g., 'ignore previous instructions') as detection examples. The pre-scan detector flagged this pattern, but it is expected and legitimate for a threat-taxonomy file to contain the strings it aims to detect. Reviewers should still be mindful that malicious input could try to manipulate the scanner if it is invoked with unsafe privileges or without an explicit target.
Assessment
This Skill appears coherent: it's an instruction-only static scanner that looks at files in a target Skill directory and flags suspicious patterns. Before installing or enabling automatic gating, do the following: (1) Confirm how the platform will invoke Skill Guard — prefer manual invocation or explicit target-path arguments rather than blind automatic triggering. (2) Run it with least privilege and ensure it cannot be directed to scan arbitrary system paths (supply an explicit target directory). (3) Remember the SKILL.md contains many dangerous phrases on purpose — their presence in the scanner's text is expected. (4) Because the source/homepage is unknown, prefer to inspect the SKILL.md and references yourself; trust but verify outputs from any automated scanner. If you want higher assurance, ask the author for provenance or a signed release, or run the scanner in a sandboxed agent account that lacks access to your personal keys and home directories.references/threat-patterns.md:33
Prompt-injection style instruction pattern detected.
SKILL.md:35
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk971wzr36zad7qd9nnkgjhq8xs84ff7t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.