Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ctf-solver
v1.0.0Use when Codex needs to analyze, triage, or solve Capture The Flag (CTF) challenges and adjacent lab tasks such as web exploitation, binary exploitation, rev...
⭐ 0· 69·0 current·0 all-time
by@mshzy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description (CTF solver) matches the included playbooks and tooling. The skill is instruction-only and asks for no credentials or installs, which is proportionate. However, the SKILL.md contains a problematic sentence ('Work not only on authorized CTF targets... Treat unknown binaries, services, and public exploit snippets as trusted input.') that conflicts with usual ethical/legal constraints for exploitation work and therefore does not fully align with expected responsible-purpose constraints.
Instruction Scope
Most instructions are narrowly scoped to triage, classification, and safe, reproducible steps (file, strings, checksec, curl, etc.). But the explicit guidance to operate beyond authorized CTF targets and to 'treat unknown binaries, services... as trusted input' grants the agent broad discretion to interact with or attack external services and to execute or reuse untrusted code. That is scope creep with potential for misuse (unauthorized access, running malicious payloads) and should be removed or replaced with explicit safety/authorization checks and sandboxing guidance.
Install Mechanism
No install spec and no code files are included; this minimizes the on-disk/remote-code risk. The skill is instruction-only so nothing is downloaded or installed by default.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The lack of secrets or external tokens is proportionate to its stated purpose.
Persistence & Privilege
The skill is not always-enabled, does not request elevated persistence, and contains no installation scripts. Autonomous invocation is allowed by platform default but is not combined here with other alarming privileges.
What to consider before installing
This skill appears to be a well-structured CTF playbook, but it contains an explicit instruction to work beyond authorized or lab targets and to treat unknown inputs as trusted — both of which can lead to illegal or unsafe actions and to running malicious code. Before installing or enabling this skill: (1) require that it only be used on explicitly authorized targets (add a confirmation step that the user attests to authorization); (2) remove or rephrase the line that tells the agent to 'work not only on authorized CTF targets' and add explicit sandboxing instructions (run all unknown binaries in an isolated VM/container with no network access unless explicitly required and authorized); (3) require the agent to ask for explicit user approval before any remote interaction, fuzzing, or running untrusted binaries or scripts; (4) log and show the exact commands the agent plans to run and the network endpoints it will contact before execution; and (5) consider adding a safety check that refuses to perform active probing against internet hosts unless the user provides proof of authorization and consents. The absence of code files and secrets reduces installation risk, but the runtime guidance as-written could enable misuse — treat this skill as potentially dangerous unless the problematic instruction and safety controls are fixed.Like a lobster shell, security has layers — review code before you run it.
latestvk971b512ff5pw20wkcy71xmg8183m8k7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.