Council
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: council-of-the-wise
Version: 1.4.0
The skill bundle is classified as suspicious due to a significant prompt injection vulnerability. The `SKILL.md` and `README.md` files describe and implement an auto-discovery mechanism for agent personas from `.md` files within the `agents/` folder. The content of these discovered agent files is dynamically injected directly into the sub-agent's prompt, allowing for arbitrary instructions to be executed by the AI agent if a malicious `.md` file is introduced into the `agents/` directory. While the provided default agent files are benign, this design pattern creates a high-risk vulnerability that could be exploited for data exfiltration or unauthorized actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you add an untrusted council member file, it could influence the analysis or output style in future uses.
The skill intentionally treats local Markdown persona files as authoritative context for future council runs. This is purpose-aligned, but custom or untrusted files placed in the agents folder could steer the sub-agent's behavior.
Any `.md` file in that folder (except README.md and synthesis.md) becomes a council member.
Only add or keep trusted persona files in the agents folder, and review custom agent Markdown before using it.
Private or sensitive information included in the idea may be processed by the spawned model sub-agent.
The skill passes the user's submitted idea or document into a spawned sub-agent for analysis. This is clearly disclosed and necessary for the skill, but it is still an agent-to-agent data flow users should understand.
Spawn a sub-agent with **5-minute timeout** using this task template: ... **The Idea:** [user's idea here]
Avoid sending secrets or highly sensitive documents unless you are comfortable with your Clawdbot/model provider handling that content.
