ClawHub

Reverse Engineering

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only reverse-engineering skill is coherent and safety-focused, but users should notice that it can create a local workspace with persistent engagement notes and artifacts.

This skill appears safe and purpose-aligned for authorized reverse engineering. Before installing or using it, decide whether you want it to create `~/reverse-engineering/`, keep persistent notes, and save traces or reproduction snippets. Only allow invasive probes, credential-bearing steps, fuzzing, patching, or live-system testing when the target is clearly authorized and preferably isolated.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation
Low
What this means

If the user authorizes invasive probes against a live or sensitive target, the work could affect systems or data.

Why it was flagged

The skill may involve high-impact reverse-engineering actions, but the artifact frames them as user-approved options and defaults to safer read-only analysis when boundaries are unclear.

Skill content
Ask what is allowed: read-only inspection, replay, instrumentation, decompilation, fuzzing, or patching.
Recommendation

Use offline copies, captures, or sandboxes where possible, and explicitly approve any replay, fuzzing, patching, authentication, or production-facing action.

#ASI06: Memory and Context Poisoning
Low
What this means

Local notes could preserve information about private binaries, APIs, traces, workflows, or target systems across sessions.

Why it was flagged

The skill creates persistent local reverse-engineering memory and artifact storage, which is useful for the workflow but can retain sensitive target details if the user permits it.

Skill content
Memory lives in `~/reverse-engineering/` ... `memory.md` ... `current-target.md` ... `artifacts/` # traces, decoded notes, and reproduction snippets
Recommendation

Before allowing the workspace to be created, confirm what will be saved, avoid storing secrets or raw sensitive payloads, and periodically review or delete the local folder if needed.