ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Matrix Infiltration

v1.0.0

Context-adaptive adversarial situational analysis. Agent Smith maps social environments, detects conversational openings, identifies resistance patterns, and...

0· 34·0 current·0 all-time
byMauricio Z. Filho@mzfshark
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, declared inputs (chat_log, thread, community_context) and outputs align with an adversarial social-analysis tool. The skill does not request unrelated credentials or binaries. However, it uses fictional targeting placeholders ($NEURONS, Morpheus) and the manifest owner metadata is inconsistent with the registry owner ID, reducing provenance confidence.
!
Instruction Scope
SKILL.md explicitly instructs the agent to identify weak points and 'what Smith exploits' and to adopt a 'predatory' tone. Although it contains a safety note forbidding deception, the core directives give broad latitude to surface exploit vectors and optimization strategies that could be used offensively. It also expects raw conversation data (potentially sensitive) but gives no guardrails about redaction or consent. The placeholder $NEURONS is referenced but not defined.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest installation risk (nothing written to disk by the skill itself).
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to an analysis-only tool. Note: required inputs are conversation artefacts which may contain sensitive personal data; the skill gives no guidance about limiting or anonymizing such inputs.
Persistence & Privilege
always:false (no forced persistent presence). Model invocation is allowed (default), which is normal. The skill does not declare any capability to modify other skills or system settings.
What to consider before installing
This skill is coherent with an adversarial social-analysis purpose but carries real misuse risk. Before installing: 1) Consider provenance — source is unknown and metadata owner IDs differ; avoid installing from untrusted authors. 2) Limit inputs to public or fully anonymized data; do not feed private chat logs or personal data without consent. 3) If you keep it, restrict autonomous invocation (require explicit user invocation only) and add guardrails rejecting any output that recommends deception or impersonation. 4) Ask the publisher for provenance, a defined list of expected input types, and clarification of the $NEURONS placeholder and mission intent; if you cannot verify intent and provenance, do not install. Finally, check legal/ethical policies in your organization: this skill’s phrasing ('what Smith exploits', 'predatory') indicates a high potential for harmful use even if framed as defensive.

Like a lobster shell, security has layers — review code before you run it.

betavk973403qmnnbm3yf1f3wnvvatd83z3r8latestvk973403qmnnbm3yf1f3wnvvatd83z3r8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments