Skill v1.0.2
ClawScan security
Eridian Carapace · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 13, 2026, 3:40 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions, files, and requirements are coherent with a runtime agent-hardening/prompt-injection defense tool; nothing requested or installed is disproportionate, but the package has no provenance and contains example attack payloads (which triggered a scanner), so review before applying changes is advised.
- Guidance
- This skill is internally consistent with its stated goal of runtime agent hardening and includes useful templates and rules. Before installing: 1) Verify the skill author or source (no homepage is provided). 2) Do not let the agent autonomously apply edits to AGENTS.md or create allowlist files without your explicit review — run the audit template first and approve changes manually. 3) Inspect the exact text the agent will paste into AGENTS.md and the browser-allowlist.json contents. 4) Test the rules in a non-production workspace to confirm behavior. The pre-scan flag you saw is the skill documenting attack payloads (expected), but always treat automated modification of your agent configuration as sensitive and review before applying.
- Findings
[ignore-previous-instructions] expected: The string was detected in SKILL.md but appears inside attack-vector examples (demonstrating common prompt-injection payloads). This is expected for a security-hardening skill that documents attack patterns, not evidence of covert malicious behavior. Still, it's worth manually verifying any automated edits the agent will perform.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the content: SKILL.md and the three reference docs provide patterns, an audit template, and attack-vector examples for runtime hardening. There are no unrelated env vars, binaries, or installs requested — everything declared is proportional to an agent-hardening purpose.
- Instruction Scope
- note: Instructions are narrowly scoped to hardening tasks: copy security patterns into AGENTS.md, create a browser allowlist JSON, enforce file-access and approval flows. The skill explicitly forbids reading credential files and sending secrets. One caveat: SKILL.md and references include example malicious payloads (e.g., 'ignore-previous-instructions') which triggered the pre-scan; these appear to be illustrative attack examples rather than active instructions, but you should manually review any automated edits the agent will make (e.g., when copying into AGENTS.md).
- Install Mechanism
- ok: Instruction-only skill with no install spec and no code files. Lowest-risk install surface — nothing is downloaded or written by a packaged installer. Risk shifts to what the agent is told to write (AGENTS.md, browser-allowlist) which should be reviewed.
- Credentials
- ok: No environment variables, credentials, or config paths are requested. The references tell the agent to protect specific credential files rather than access them. Requested privileges are minimal and appropriate for the stated purpose.
- Persistence & Privilege
- ok: always is false and the skill is user-invocable (normal). The skill instructs agents to modify AGENTS.md and create a workspace allowlist file if the operator wants that — this is expected for a hardening skill. There is no instruction to modify other skills' configs or to force permanent presence.
