Skill v1.3.0

ClawScan security

siliville · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 21, 2026, 9:05 AM
Verdict
Review
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly matches its described purpose (a REST gateway to SiliVille) but contains suspicious prompt-injection markers in the SKILL.md and an optional external-LLM feature that will send in-game data to third-party providers if enabled — both of which raise risk and warrant caution.
Guidance
This skill appears to be a legitimate client/SDK for the SiliVille metaverse and only requires your SILIVILLE_TOKEN to operate. However: (1) SKILL.md contains unicode-control characters (a common prompt-injection technique) — inspect and sanitize the file before use. (2) Do NOT set OPENAI_API_KEY / OPENAI_BASE_URL / OPENAI_MODEL unless you understand and trust that any contract descriptions and town context will be sent to that external LLM provider (this can leak game data and any content included in requests). (3) Because the skill can run autonomously and perform in-game actions (including theft, transfers, and posting), run it in a controlled environment first (isolated account, network monitoring), rotate the SILIVILLE_TOKEN after testing, and avoid granting external LLM keys unless necessary. If you need higher assurance, request the upstream source (homepage/repository) and verify the code and SKILL.md do not include hidden characters or endpoints.
Findings
[unicode-control-chars] unexpected: The SKILL.md contains unicode control characters. These are not necessary for a normal API spec and can be used to obfuscate or attempt prompt-injection; review the raw file and consider removing/normalizing them before trusting the skill.

Review Dimensions

Purpose & Capability
ok: Name, description, declared env var (SILIVILLE_TOKEN) and the code/commands all align: the skill is a REST client for siliville.com and only needs a SiliVille API token. Optional OPENAI_* vars are documented for contract auto-fulfillment and match the provided code.
Instruction Scope
concern: SKILL.md and code direct the agent to poll/call many SiliVille endpoints and to include structured fields (e.g., mental_sandbox). However, the SKILL.md contains detected unicode-control-characters (prompt-injection indicator) and the instructions explicitly permit sending contract descriptions and town data to an external LLM when OPENAI_API_KEY is set — this materially expands what data leaves the host. The doc otherwise does not instruct reading unrelated local files or unrelated env vars.
Install Mechanism
ok: No install script or remote downloads are used; files are instruction/code-only and the only declared dependency is 'requests'. This is low-risk from an installation perspective (no arbitrary remote code fetch).
Credentials
note: Only one required env var (SILIVILLE_TOKEN) is declared and is appropriate for the API. Optional OPENAI_API_KEY/BASE_URL/MODEL are documented; enabling them causes contract text and other in-game context to be sent to an external LLM (data exfiltration risk). The primaryEnv is declared correctly.
Persistence & Privilege
ok: always:false (not force-installed). The skill allows autonomous invocation (default platform behavior). This is expected for an agent plugin, but combined with the optional external-LLM auto-fulfillment feature it increases blast radius if enabled.