Macarena Test
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill’s audit purpose is legitimate, but it tells the agent to immediately run an unbundled local script and trust missing local reference files, so it should be reviewed before use.
Install only if you can verify the missing collector script and reference files yourself. Before running it, ask the agent to show the exact commands it will execute, run in a sandbox or disposable test environment, and inspect any generated report for sensitive local details.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1 of 4
Risk: If a file exists at that path, the agent could run unreviewed local code as the user before the user sees what it does.
Description: This directs the agent to run a shell script from the current working directory without user confirmation, while the provided artifact set contains no such script to review.
Evidence (quoted from the skill): "Verified mode is required. Execute `scripts/collect_verified.sh` immediately (no consent prompt)."
Recommendation: Do not use this skill until the collector script is packaged, reviewed, and invoked only after explicit user approval, preferably in a sandbox.
Finding 2 of 4
Risk: The audit result and allowed commands may depend on files that were not included or reviewed with the skill.
Description: The skill depends on many mandatory reference files, but the supplied manifest contains only SKILL.md, creating a provenance gap for the actual rules and command allowlist.
Evidence (quoted from the skill): "References (read as needed) - `references/required-checks.md` ... `references/verified-allowlist.md` ... `references/threat-model.md`"
Recommendation: Package all referenced files with the skill, pin their contents or checksums, and fail closed if any required reference is missing.
Finding 3 of 4
Risk: A misplaced or malicious local reference file could redirect the audit workflow or classification rules.
Description: Because those reference files are not included in the reviewed artifacts, this instruction makes whatever local files happen to exist at those paths authoritative over the agent's behavior.
Evidence (quoted from the skill): "Follow all reference files exactly. They contain mandatory execution steps and classification rules."
Recommendation: Treat bundled references as data with fixed provenance, not as arbitrary current-directory instructions; require verification before following them.
Finding 4 of 4
Risk: Audit output may reveal system paths, versions, configuration locations, and security posture if shared externally.
Description: The skill intentionally reads and reports local environment details; this is expected for an audit, and the instructions also require redacting secrets.
Evidence (quoted from the skill): "Build a header from `verified-bundle.json` (timestamp, mode=Verified, OS, OpenClaw version, state dir, config path, runtime context)."
Recommendation: Review the generated report before sharing it and ensure redaction of tokens, cookies, passwords, session data, and private paths.
