Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

HiveFence

v1.0.0

Collective immunity network for AI agents. When one agent detects a prompt injection attack, all connected agents become immune. Real-time pattern detection, community voting, and distributed threat intelligence. Built on top of prompt-guard.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
SKILL.md describes an npm package (import { protect, reportThreat } from 'hivefence') and networked behavior (reporting/voting endpoints), but the registry entry is instruction-only with no code files, no install spec, and 'source: unknown'. A networked community-reporting system would reasonably require authenticated endpoints and/or credentials — none are declared. The package claims to be available on npm/GitHub, but the registry metadata doesn't supply or verify those artifacts.
[!] Instruction Scope
Instructions tell agents to scan incoming prompts and automatically report new patterns to the network. That implies transmitting information derived from user prompts to a remote API. The SKILL.md asserts 'privacy-preserving' (only SHA-256 hashes shared) but gives no concrete hashing workflow, no local-only verification steps, and no restriction against sending raw or partially identifiable data. Automatic reporting of prompt content (even hashed) risks exfiltration or deanonymization and is broader than what a sandboxed, instruction-only skill should assume.
Install Mechanism
There is no install spec in the registry; SKILL.md recommends using npx or npm install. That discrepancy is notable: the skill itself provides no package or code to inspect in the registry, but tells users/agents to fetch code from external registries. Instructing installation from npm when no package was bundled means the agent would download third-party code at runtime — a behavior that requires verification of the actual npm/GitHub package before trusting.
[!] Credentials
The skill declares no required environment variables or credentials, yet its functionality (reporting, voting, fetching approved patterns) implies network interactions that typically require authentication and configuration. The absence of declared credentials is inconsistent with the described capabilities. Additionally, privacy guarantees about only sharing SHA-256 hashes are asserted but not demonstrated or enforced in instructions, leaving sensitive data exposure plausible.
Persistence & Privilege
always is false (good) and model invocation is allowed by default (expected). However, the combination of autonomous invocation and automatic network reporting is risky: an agent could autonomously send (hashed or raw) prompt-derived data to an external personal API endpoint. This is not a direct registry privilege escalation but increases the blast radius if the remote service or reporting logic is malicious.
What to consider before installing
Things to check before installing:
1) Verify the package source — confirm the hivefence npm package and GitHub repo match the SKILL.md and inspect the code, install scripts, and license.
2) Confirm the reporting workflow — what exactly is sent to the API, where hashing happens (locally), and whether any raw prompt content or identifiers could be transmitted.
3) Verify authentication and endpoint ownership — the base URL is a personal Cloudflare Workers domain; confirm who controls it and whether anonymous reporting is allowed.
4) Prefer an opt-in model — do not enable automatic reporting of user prompts without explicit consent and local review.
5) If you can't review the upstream package source and code, avoid installing or running the npm instructions recommended in SKILL.md.

What would change this assessment: the repo and npm package are published and verifiably authored, the code shows local-only SHA-256 hashing before any network I/O, reports contain no identifiable data, and reporting requires explicit opt-in or authenticated endpoints.

Like a lobster shell, security has layers — review code before you run it.
