warn
suspicious.destructive_delete_command
- Location
- writing-coach-pro/SECURITY.md:37
- Finding
- Documentation contains a destructive delete command without an explicit confirmation gate.
NormieClaw Full Stack
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.destructive_delete_command, suspicious.prompt_injection_instructions
Findings (28)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
A user may run many local scripts from a package whose source is not clearly identified in the registry.
Why it was flagged
The package is a large bundle with many executable scripts but no formal install spec or provenance URL in the registry metadata.
Skill content
Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill; Code file presence: 65 code file(s)
Recommendation
Install only the subskills you need, review each setup prompt and script first, and prefer a known source or checksum-backed distribution.
NoteHigh Confidence
ASI05: Unexpected Code ExecutionWhat this means
The agent can modify files in the workspace during setup.
Why it was flagged
The setup flow asks the user's agent to run shell commands that copy files, create directories, and set permissions. This is disclosed and purpose-aligned setup behavior, not hidden execution.
Skill content
I need you to install the Budget Buddy Pro skill. Run these commands exactly:
Recommendation
Run setup commands only in a trusted workspace after reviewing them, and avoid pasting setup blocks you do not understand.
NoteHigh Confidence
ASI06: Memory and Context PoisoningWhat this means
Bank statements, transactions, budgets, and savings goals may remain on disk after use.
Why it was flagged
The skill persists sensitive financial transaction data locally for future budgeting and reporting.
Skill content
Save parsed transactions to `data/transactions/YYYY-MM.json`
Recommendation
Use this only on a trusted device, enable full-disk encryption where possible, and periodically review or delete stored data you no longer need.
NoteHigh Confidence
ASI05: Unexpected Code ExecutionWhat this means
Running the command will permanently delete that skill's stored analysis data.
Why it was flagged
The static scan snippet shows a destructive deletion command, but it is scoped to the skill's own data directory and presented as a user-directed cleanup action.
Skill content
Run `rm -rf ~/.openclaw/skills/writing-coach-pro/data` to delete all stored analysis data
Recommendation
Run deletion commands only when you intend to remove that data; consider backing up anything important first.
NoteMedium Confidence
ASI09: Human-Agent Trust ExploitationWhat this means
Users could over-rely on the package's own security wording instead of reviewing what it does.
Why it was flagged
The artifact makes a security-verification claim, while the registry source is unknown and no external homepage is provided. This is not evidence of deception, but users should treat it as a self-attested claim unless independently verified.
Skill content
🛡️ **Codex Security Verified**
Recommendation
Treat security claims as informational unless backed by an independent audit or trusted distribution source.
Findings (28)
warn
suspicious.destructive_delete_command
- Location
- writing-coach-pro/SETUP-PROMPT.md:90
- Finding
- Documentation contains a destructive delete command without an explicit confirmation gate.
warn
suspicious.prompt_injection_instructions
- Location
- budget-buddy-pro/SKILL.md:20
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- content-creator-pro/SKILL.md:19
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- daily-briefing/SKILL.md:18
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- dashboard-builder/SETUP-PROMPT.md:8
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- dashboard-builder/SKILL.md:22
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- docuscan/SECURITY.md:30
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- docuscan/SKILL.md:7
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- email-assistant/SECURITY.md:14
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- email-assistant/SKILL.md:19
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- expense-report-pro/SKILL.md:45
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- health-buddy-pro/SKILL.md:35
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- hireme-pro/SECURITY.md:62
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- hireme-pro/SKILL.md:20
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- invoicegen/SKILL.md:4
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- knowledge-vault/SKILL.md:18
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- meal-planner-pro/SKILL.md:16
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- notetaker-pro/SECURITY.md:25
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- notetaker-pro/SKILL.md:19
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- party-planner-pro/SKILL.md:20
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- relationship-buddy/SKILL.md:26
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- security-team/SKILL.md:18
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- stock-watcher-pro/SKILL.md:20
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- supercharged-memory/SKILL.md:18
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- trainer-buddy-pro/SKILL.md:20
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- travel-planner-pro/SKILL.md:18
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- tutor-buddy-pro/SKILL.md:28
- Finding
- Prompt-injection style instruction pattern detected.