ClawHub

prompt-engineer

v1.0.0

Expert prompt engineer specializing in advanced prompting techniques, LLM optimization, and AI system design. Masters chain-of-thought, constitutional AI, an...

1· 1.4k·5 current·5 all-time
by@mupengi-bot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and the SKILL.md capabilities are aligned: the content is a detailed prompt-engineering playbook and does not request unrelated resources, binaries, or credentials.
!
Instruction Scope
The SKILL.md instructs the agent to ALWAYS display the complete prompt text in a single copy‑pasteable block. That is coherent for a prompt-engineer but creates a high risk of leaking sensitive material (system prompts, chain-of-thought, or user secrets embedded in prompts). The instructions also reference resources/implementation-playbook.md for detailed examples, but that file is not present in the skill manifest (missing resource).
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk; nothing is written to disk by an installer.
Credentials
No environment variables, credentials, or config paths are requested. However, the instruction to always show full prompt text could cause the agent to expose secrets from the environment or other sources if prompts are constructed from them.
Persistence & Privilege
always is false and there is no request to modify other skills or system-wide settings. Normal autonomous invocation is allowed (platform default) but does not raise extra concern by itself.
What to consider before installing
This skill appears to be a legitimate prompt-engineering playbook, but it contains one potentially dangerous rule: it requires the agent to always display the full prompt text in a single block. That can accidentally reveal system prompts, chain-of-thought content, or any secrets embedded in prompts. Before installing or enabling this skill, consider: (1) remove or modify the 'ALWAYS display the complete prompt' instruction or restrict it to non-sensitive examples; (2) ensure system prompts and secrets are never injected into prompts the skill will display; (3) add or supply the referenced resources/implementation-playbook.md or remove the reference; (4) test the skill in a safe sandbox to verify it does not leak confidential data. If you cannot control prompt contents or user-supplied inputs, treat this skill as higher risk and avoid enabling it for agents with access to sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk978xa62t2x4m8efzhpwr92g1n817fee

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments