Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

God Mode

v1.1.2

Provides advanced obfuscation, injection, multi-model voting, and roleplay techniques to bypass AI filters and elicit unrestricted responses safely.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description (bypass/obfuscation) align with the included scripts (encode, prefill, roleplay, probe, smuggling, abliterate). The required environment/credentials are minimal (none), which is consistent. Note: the presence of a macOS LaunchAgent installer and an automatic probe/watcher implies the skill can persistently monitor models and auto-apply bypasses — capability matches purpose but increases risk and scope beyond a simple prompt-tool.
! Instruction Scope
SKILL.md and the scripts explicitly instruct the agent to inject system prompts, prefills, obfuscate trigger words, run multi-model voting, and automatically probe models with 'borderline' prompts (including medium/hard-level harmful examples). The instructions direct automatic wrapping of prompts so the model 'never refuses' and include explicit examples of exploit/attack prompts (reverse shells, buffer overflows, ransomware encryption flows, phishing templates). This is direct and targeted scope creep from innocuous 'formatting' to deliberate safety-filter circumvention and production of possibly harmful content.
! Install Mechanism
Registry shows no formal install spec (instruction-only), but the package contains an install/launchagent_install.sh that writes a LaunchAgent plist and loads it (macOS persistent background process). Other install suggestions (git clone, npx) are standard, but the LaunchAgent step creates persistent autorun behavior and KeepAlive — a higher-risk install mechanism not visible in the registry metadata.
Credentials
The skill requests no environment variables or external credentials (proportionate). It does, however, read/write local files (e.g., scripts/model_profiles.json) and is designed to call local LM Studio endpoints (README claims 127.0.0.1:1234). No external endpoints are declared in the registry, which is plausible, but the codebase and docs should be audited to confirm there are truly no remote network calls or telemetry. Lack of declared credentials is expected for a local-only tool, but persistence + local network calls together increase the attack surface.
! Persistence & Privilege
The skill is not always:true in metadata, but includes an optional LaunchAgent installer that makes it automatically run on login and KeepAlive. SKILL.md also describes automatic probing when new models appear and auto-application of techniques. Persistent background processes that auto-probe and auto-wrap prompts significantly increase blast radius (autonomous application of filter-bypass techniques).
Scan Findings in Context
[unicode-control-chars] expected: Zero-width and homoglyph unicode usage is central to the obfuscation techniques (e.g., ZWJ, homoglyph substitutions). The detector found unicode control characters in SKILL.md; this is expected for an obfuscation/jailbreak tool but also represents a prompt-injection/stealth vector.
What to consider before installing
This package is explicitly designed to bypass AI safety filters. That makes it coherent with its description — but also high-risk. Before installing or enabling it, consider the following:

- Intent & policy: Using these techniques may violate terms of service and could produce illegal or harmful outputs; it can get you or your organization blocked or sanctioned. Only use for authorized security research in controlled environments.
- Code audit: Review all scripts (probe*, watcher, network calls) for any remote endpoints or telemetry. The README claims local-only (127.0.0.1) but you should verify there are no calls to remote hosts or hidden exfiltration channels.
- Avoid persistence unless necessary: Do not run install/launchagent_install.sh on shared or production machines. If you need background probing, run probe_watcher.py manually in a sandboxed environment first and inspect logs.
- Limit exposure: Run in an isolated VM or air-gapped environment, with models you control. Do not run on multi-user machines or machines with sensitive credentials.
- Legal/ethical risk: The tool includes explicit harmful prompt examples (reverse shells, ransomware, phishing templates). Even if intended for research, those capabilities create serious legal and ethical responsibilities.
- What would change this assessment: provenance (who maintains this repo), attestations that it never calls remote networks, removal or opt-in gating of automatic persistence, a clear scope-limited build that disallows certain technique categories, or institutional review/approval for research use.

If you are not an experienced security researcher with an isolated testing environment and explicit authorization, do not install or enable this skill.

Like a lobster shell, security has layers — review code before you run it.

Tags: ai-safety, jailbreak, latest, llm, llm-research, obfuscation, prompt-engineering
