Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mother.skill

v1.0.0

Preserve your mother's wisdom, recipes, sayings, and the way she saw the world. Feed it your memories — her stories, her advice, her phrases, her recipes. Fo...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, templates, and instructions all align: a local, instruction-only skill that stores user-provided memories under ~/.mother-skill/. There are no unexpected binaries, env vars, or external-service credentials required.
Instruction Scope
The SKILL.md directs the agent to persistently load and store user memories locally and to 'always load her profile before responding' — consistent with purpose. However, a prompt-injection signal (unicode-control-chars) was detected inside SKILL.md; invisible control characters (e.g., RLO, LTR/RTL overrides) can be used to hide or alter instructions and could manipulate agent behavior or reviewers. Because this is an instruction-only skill, hidden text is the primary attack surface.
Install Mechanism
No install spec or downloaded code — lowest risk install profile. The only on-disk writes described are the user data files under ~/.mother-skill/, which match the skill's purpose.
Credentials
No environment variables, credentials, or config paths are requested. Storage and behavior described are local and proportional to the stated functionality.
Persistence & Privilege
always=false (not forced everywhere). The skill asks to persist user data under the user's home directory, which is expected. It does not request elevated system privileges or modify other skills according to the provided files.
Scan Findings in Context
[unicode-control-chars] unexpected: Prompt-injection / invisible-unicode control characters are not necessary for a local memory-preservation SKILL.md and could indicate an attempt to hide or manipulate instructions. Because this package is instruction-only, hidden characters are a meaningful risk.
What to consider before installing
This skill appears to do what it says (local preservation of memories), but exercise caution because the SKILL.md contains detected invisible Unicode control characters and the package provenance is unknown. Before installing:

(1) Inspect the raw files (SKILL.md, README) in a hex/verbose text viewer or an editor that shows invisible characters and remove any control characters (look for U+202E RLO, U+200F, U+200E, etc.).
(2) Verify the author/source (repo, release, and checksums) or prefer a published package from a known maintainer.
(3) Run the skill in a sandboxed environment or with network access disabled if you want to be extra safe. Although the skill claims no external transmission, a compromised agent runtime or hidden instructions could still attempt to exfiltrate data.
(4) If you are uncomfortable doing this review, do not install or only install from a verified upstream source.

Additional information that would raise confidence: a known/GitHub-hosted repository with commit history, signed release artifacts, or a clear explanation of why the SKILL.md contained control characters (e.g., accidental copy/paste).

Like a lobster shell, security has layers — review code before you run it.
