Rubicon Sentinel v2 — Sovereign Forge

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: rubicon
Version: 2.0.0

The skill is classified as suspicious due to its extensive reliance on `web_search` and `web_fetch` capabilities, as instructed in `SKILL.md` and guided by `references/queries.md`. While these tools are necessary for the skill's stated purpose of geopolitical analysis, they inherently introduce a significant attack surface for potential second-order prompt injection or data misinterpretation by the AI agent from untrusted external content. No direct evidence of malicious intent, data exfiltration beyond stated API usage, or explicit harmful instructions was found within the skill bundle.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your scan topic may be sent to search/fetch providers, and web pages may shape the analysis.

Why it was flagged

The skill relies on external search and fetch tools to produce scans. This is central to the stated purpose and not suspicious by itself, but retrieved web content can influence the agent's output.

Skill content

Run 6–8 `web_search` calls ... `web_fetch` top 3–5 results for deeper analysis.

Recommendation

Use it mainly for public topics, review the cited sources, and avoid including private information in scan prompts.

What this means

If the optional `TWITTER_BEARER_TOKEN` is present, the agent may use it for X/Twitter searches and consume the token's allowed API access.

Why it was flagged

The skill names an optional credential and limits its purpose to social-sentiment queries, but the registry metadata declares no environment variables or primary credential.

Skill content

X/Twitter API (optional, for social sentiment — uses TWITTER_BEARER_TOKEN)

Recommendation

Only expose a least-privilege/read-only token if you want this feature, and remove the environment variable when you do not.

What this means

Past scan context may influence future scores or trend arrows.

Why it was flagged

The scoring rubric explicitly allows prior scan memory to affect trend indicators, which is useful for the feature but can also carry stale or biased context into later results.

Skill content

Trend: Compare to last scan (↑/↓/→) using memory or public data deltas.

Recommendation

Review or clear stored memory if results look stale or biased, and avoid placing sensitive personal details into scan requests.

What this means

Outputs may sound more definitive or objective than the underlying scoring and source quality justify.

Why it was flagged

The skill uses strong authoritative and ideological language. This is disclosed as part of its style, but it may encourage users to over-trust subjective scoring.

Skill content

Built for users who want truth over comfort ... AI-powered geopolitical intelligence that hits hard and scores honest.

Recommendation

Treat the scores and quotes as an opinionated analytical frame, verify important claims independently, and check source links before sharing.