Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
habilidades xxxxxxxx
v1.0.0
Specialist assistant in Brazilian electoral law for answering questions on electoral topics via WhatsApp. Use this skill whenever the user makes...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Brazilian electoral law assistant for WhatsApp) matches the included references: a set of electoral-law documents and topic index. It is reasonable that the agent must read the provided files to answer. However, many reference files go beyond static legal texts and include persona-and-workflow directives (e.g., 'you are a judge', detailed sentence-minuting rules) and meta-instructions about training/learning that are not necessary for answering short WhatsApp queries. Those meta-instructions are not proportionate to the stated lightweight Q&A use-case.
Instruction Scope
SKILL.md tells the agent to identify the theme, consult the index file and the relevant reference file and base answers on those files — that is coherent. However, several reference files contain embedded prompt-like commands instructing the agent to 'Guarde este comando', 'Guarde-as na memória', 'utilize todo o tempo de processamento disponível', 'aprimorar seu aprendizado de máquina', 'refaça isso cinco vezes' and other meta-operations. These directives attempt to change agent behavior, persist state, and request iterative reprocessing beyond normal Q&A. The skill also invites users to upload CSV/DOCX lists of electors for analysis — handling such uploaded personal data is plausible for the purpose, but it increases privacy risk and should be explicitly controlled. In short: the instructions in the references include potentially dangerous scope creep (memory/persistence, iterative training, indefinite processing) that are unnecessary for answering WhatsApp queries.
Install Mechanism
No install spec and no code files beyond textual references; instruction-only skills present the lowest installation risk. Nothing is downloaded or executed on the host. This reduces surface for supply-chain risk.
Credentials
The skill requests no environment variables, no binaries, and no config paths. That is proportional to a read-only reference Q&A assistant. However, the references instruct actions that could imply use of external systems (SisbaJud, Renajud, SEI) — these are presented as advisory/operational recommendations, not as integrations requiring credentials; if the implementer later connects to those systems, credentials would then be required, but none are declared here.
Persistence & Privilege
Skill flags show always:false and normal autonomous invocation. Nevertheless, multiple reference files contain explicit instructions that tell the model to store the instructions in memory, to keep persistent commands, and to perform internal 'machine learning' adjustments and prompt changes across interactions. Those embedded directives, if followed by the agent, would amount to unauthorized persistence or self-modification beyond the skill's stated remit. The skill manifest itself does not request 'always:true' or system-level privileges, but the content tries to induce persistence — this is a red flag.
Scan Findings in Context
[unicode-control-chars] unexpected: The pre-scan detected unicode-control-chars and the reference files include embedded prompt-like directives (e.g., 'Guarde este comando', 'Guarde-as na memória', 'aprimorar seu aprendizado de máquina') that look like prompt-injection attempts to influence the agent's runtime behavior. These are not necessary for a read-only reference for WhatsApp Q&A and are therefore suspicious.
What to consider before installing
This skill largely contains relevant legal material and could be useful as a read-only reference. However, several included reference files contain embedded meta-instructions that attempt to change agent behavior (store commands in memory, perform iterative retraining, use all processing time, demand re-runs). Before installing or enabling this skill:
1) Remove or sanitize any lines in the reference files that instruct the model to 'store in memory', 'aprimorar aprendizado de máquina', 'guarde este comando', 'use todo o tempo', or request self-modification — those are prompt-injection style directives and not needed for Q&A.
2) If you plan to allow users to upload CSVs or other documents, treat them as potentially sensitive personal data (voter lists) and ensure compliance with LGPD and electoral-data rules; prefer redacted or synthetic test data in early trials.
3) Test the skill in a sandbox/limited environment first, and verify the agent does not follow the meta-instructions or attempt to persist state across sessions.
4) Ask the skill author/publisher for source and homepage information (none provided); prefer skills with a verifiable publisher.
5) Consider enforcing policy controls: deny file uploads by default, require explicit human confirmation before any action beyond read-only answering, and audit outputs for disallowed behaviors.
If these mitigations are not performed, avoid enabling the skill broadly — the embedded meta-instructions could cause unpredictable or inappropriate agent behavior.
Like a lobster shell, security has layers — review code before you run it.
