Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Payloads

v1.0.0

Provides curated exploitation payloads for authorized security testing, including anti-virus test files, malicious files, and file name exploits.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description and included files align: this is a curated subset of SecLists payloads (EICAR, filename exploits, PHP payloads, README guidance). There are no unrelated credentials, binaries, or installs requested.
Instruction Scope
SKILL.md stays on-topic and only shows benign examples (walking the references/Payloads directory). It explicitly warns about authorized use. However, the payload files include shell-expansion filenames (e.g., `Hello$(hostname)World.txt`, backticks) and null-byte/obfuscated filenames that could trigger or exploit target systems if used — the instructions do not provide safeguards for safe execution or recommended isolated test environments.
Install Mechanism
Instruction-only skill with no install spec and no code to write to disk. This is lower risk from an install/execution perspective.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for a repository of test payload files.
Persistence & Privilege
always:false and default autonomous invocation are used (normal). There is no indication the skill requests elevated or persistent privileges or modifies other skills' configs.
Scan Findings in Context
[base64-block] unexpected: The scanner flagged a 'base64-block' pattern in SKILL.md content. I do not see an obvious base64 payload in the provided files or SKILL.md (this may be a false positive from the scanner or from embedded generation metadata). Still, any unexpected embedded encoded blobs would be suspicious — recommend a manual search of all files for embedded base64 or obfuscated payloads before use.
What to consider before installing
This skill is internally consistent with being a curated payload collection for authorized testing, but it contains real test payloads that will trigger antivirus and can exploit or crash services if used incorrectly. Only install/use in authorized contexts and isolated test environments (VMs, containers, labs). Manually review the included files (especially files with backticks, $(...), null-bytes, SWF/PNG/GIF PoCs, and any encoded/obfuscated blocks) before running or uploading them to any system. Verify the skill's provenance (it cites SecLists/GitHub but source is 'unknown') — if you need these payloads, prefer pulling directly from the upstream SecLists repository or a trusted mirror. If you see any embedded base64 or unexpected network endpoints, do not run them and get a security review.

Like a lobster shell, security has layers — review code before you run it.
