Skill v2.0.0

ClawScan security

Performance Optimization · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 3:49 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions mostly align with its stated purpose (web and LLM cost/performance guidance) and it is instruction-only with no installs or required credentials, but an automated scan flagged potential prompt-injection/system-prompt-override content in the SKILL.md which warrants manual review before use.
Guidance
This skill is instruction-only and its content matches its stated goal, but an automated scan found possible prompt-injection/system-prompt-override patterns. Before installing:
1) Open and grep the entire SKILL.md for phrases like 'ignore previous', 'system:', 'You are', 'override', or explicit instructions to change the agent's system prompt, and remove any such lines or ask the author about them.
2) Do not provide API keys, tokens, or other secrets to the agent just to enable this skill; if you must, use scoped/test keys.
3) Run the skill in a sandboxed/test agent first and observe what network calls or system interactions it suggests.
4) If you lack the ability to audit the full SKILL.md, treat the skill as untrusted.
If you want, share the full SKILL.md contents for a line-by-line check focused on prompt-injection indicators.
Findings
[system-prompt-override] unexpected: The static scanner detected patterns consistent with an attempt to override the agent/system prompt or inject instructions into the model's system context. This is not expected for a guidance-only skill and should be manually reviewed. The visible frontmatter (YAML) is normal metadata, but the flag indicates lines elsewhere may attempt to change the agent's system instructions or include 'ignore previous instructions' style phrases.

Review Dimensions

Purpose & Capability
ok: The name/description (web performance + LLM cost optimization) match the SKILL.md content: guidance, examples, and model-routing concepts appear relevant. There are no declared binaries, env vars, or config paths that are unrelated to the stated purpose.
Instruction Scope
note: Most of the runtime instructions are focused on web performance best practices (rendering path, image/font optimization, caching, JS patterns) and some LLM cost concepts. However, the pre-scan flagged a potential 'system-prompt-override' pattern in the SKILL.md frontmatter/content. The visible excerpts do not show explicit exfiltration or credential access, but any lines that attempt to override the agent's system prompt, tell the model to ignore other instructions, or instruct broad data collection would be out-of-scope and should be inspected and removed.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. This is the lowest installation risk (nothing is written to disk by an installer).
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. That is proportionate to an instruction-only guidance skill. Note: because it discusses LLM routing and cost, an agent using this skill might be instructed to call LLM APIs, so do not provide API keys or tokens to the agent unless you intend it to make those calls and the keys are scoped/limited.
Persistence & Privilege
ok: always:false and no requests to modify other skill or system configs. The skill does not request persistent presence or elevated privileges from the manifest.