Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agentledger Research Assistant 1.0.1

v1.0.0

Structured web research framework for AI agents. Teaches your agent to conduct multi-source research, synthesize findings into actionable briefs, maintain a...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (structured web research, briefs, monitoring) align with the instructions: planning, searching, scoring sources, synthesizing briefs, and storing them under a local research/ directory. Requested actions (read/write research files, maintain indexes, run monitors) are proportionate to the declared purpose.
Instruction Scope
The SKILL.md explicitly instructs adding the protocol to AGENTS.md / SOUL.md / the system prompt and tells agents to read and update local files (research/README.md, briefs/, monitoring/). Asking users to inject instructions into the system prompt is a legitimate integration step for persistent behavior but is also the most common prompt-injection vector; it grants long-lived behavioral directives if applied globally. The instructions also encourage automated triggers and 'alert' actions without specifying safe notification endpoints, which widens discretion. Overall the file-IO and prompt-modification steps are within scope for a research skill but present notable risk if applied carelessly.
Install Mechanism
Instruction-only skill with no install spec, no downloaded code, no binaries, and no packages. Low surface area from an install perspective.
Credentials
No environment variables, credentials, or configuration paths are requested. The skill asks to store files under a local research/ directory only, which is consistent with its purpose.
Persistence & Privilege
The skill is not marked always:true and doesn't request platform privileges, but it explicitly asks users to insert its protocol into persistent agent/system prompts and to maintain a local research library. This is a legitimate way to make the behavior persistent, but it elevates the importance of where/how you apply it (agent-specific prompt vs global system prompt).
Scan Findings in Context
[system-prompt-override] expected: The SKILL.md tells users to add the Research Protocol to AGENTS.md / SOUL.md / the system prompt. That pattern triggers a 'system-prompt-override' detector; this is expected for a skill that wants persistent instructions, but it is also a high-risk operation (prompt-injection vector) so treat it with caution.
What to consider before installing
This skill appears coherent for structured research, but exercise caution before making it persistent. Recommendations:
1) Do NOT paste its text into a global system prompt blindly — prefer adding it to an agent-specific prompt or a sandboxed agent so only that agent gets the directives.
2) Review and vet the exact text you insert (remove any instructions that grant broad permissions or autonomous actions you don't want).
3) Restrict where the agent can write files (create a dedicated research/ folder with limited permissions; do not run it with access to sensitive paths).
4) If you enable monitoring/auto-triggers, configure explicit, auditable notification endpoints and rate limits; avoid automatic external notifications until tested.
5) If you want higher assurance, run the skill first in a controlled environment and monitor agent actions/logs before wider deployment.
If you need, I can suggest a safe, minimal snippet to add to an agent-specific prompt instead of a global system prompt.
SKILL.md:63
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
