ClawHub
Back to skill
v1.0.0

Payloads

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:56 AM.

Analysis

Prompt-injection indicators were detected in the submitted artifacts (base64-block); human review is required before treating this skill as clean.

GuidanceInstall this only if you need security-testing payload references. Expect antivirus tools may flag the EICAR file, and handle command-like filenames and PHP/null-byte payloads as potentially hazardous test data. Do not upload, execute, or apply them outside an authorized and controlled environment. ClawScan detected prompt-injection indicators (base64-block), so this skill requires review even though the model response was benign.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Use this skill when you need:
- Anti-virus testing
- File upload testing
- Path traversal testing
- Security control validation

The skill is explicitly intended to provide payloads used to test security controls. That is dual-use, but it is disclosed, coherent with the description, and accompanied by authorization guidance.

User impactIf used against systems without permission, these payloads could support unauthorized testing or disruption.
RecommendationUse only for systems you own or are explicitly authorized to test, and keep the testing scope documented.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
references/Payloads/File-Names/exec/Hello$(hostname)World.txt
$(hostname)

This payload uses shell command-substitution syntax as data and in the filename path. The skill does not execute it, but careless shell handling or vulnerable tooling could interpret similar payloads unexpectedly.

User impactCopying these filenames or contents into shell commands, upload handlers, or vulnerable test environments without proper quoting and isolation could cause unintended behavior.
RecommendationTreat the files as test payload data, quote paths carefully, and use them only in controlled security-testing workflows.