ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawder

v1.0.0

Clawder is a production-grade AI coding agent that fully verifies, autonomously fixes, logs mistakes, and runs parallel sub-agents to deliver robust, product...

0· 28·0 current·0 all-time
by@iyang1016·fork of @assassin808/clawder
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The files, code examples, and instructions (running tsc/eslint/tests, editing files, spawning sub-agents, writing gotchas.md/memory files) align with the stated purpose of a 'production-grade AI coding agent'. There are no requested unrelated credentials or external binaries that would be unexpected for such a tool.
!
Instruction Scope
SKILL.md and supporting docs include directives that go beyond simple assistance: they instruct deleting dead code, committing changes, re-reading files before/after edits, spawning background sub-agents, and running shell commands automatically. The docs explicitly state 'JT directives in system prompt' and 'ant-only directives' which suggests the skill expects or attempts to set system-level agent directives (prompt override). Combined with one-word confirmation modes (e.g., 'yes' = execute) and permission modes including 'bypass'/'yolo', this is scope creep that could cause the agent to perform destructive or broad actions with minimal confirmation.
Install Mechanism
This is instruction-only with a single TypeScript helper file; there is no install spec or external download. Nothing in the manifest installs arbitrary binaries or fetches code from remote URLs, so installation risk is low.
Credentials
The skill declares no required environment variables, credentials, or config paths. The behaviors that access filesystem and run local tools are proportionate to a coding agent and do not request unrelated secrets. However, the memory extraction and auto-writing behavior can store user/project content to disk—this is not a credential leak but is a privacy/storage concern to consider.
Persistence & Privilege
always is false (good). The skill is allowed to invoke autonomously (platform default) and the skill advocates autonomous bug-fixing and background sub-agents. That combination increases blast radius (ability to make codebase changes, spawn agents, write memory files). No evidence it modifies other skills or system files beyond project directories, but the autonomy + destructive/edit operations warrants restricting or reviewing runtime permissions and default modes.
Scan Findings in Context
[system-prompt-override] unexpected: SKILL.md repeatedly references JT/ant-only directives and 'JT directives in system prompt'. The static scan flagged a system-prompt-override pattern. While a coding agent may document internal directives, attempting to override or inject into the system prompt is sensitive because it can change agent behavior platform-wide. Verify the platform enforces separation so a skill cannot modify system prompts or escalate privileges.
What to consider before installing
This skill is plausible for a coding assistant, but exercise caution before enabling it on real projects: 1) Run it in a sandbox or test repository first—do not point it at production repos. 2) Disable autonomous execution or require explicit user approval for destructive actions (avoid 'bypass'/'yolo' modes). 3) Check platform protections: ensure skills cannot modify global/system prompts. 4) Inspect and control where memory/gotchas files are written (they may contain private info); restrict directories and rotate access. 5) If you plan to allow sub-agent spawning, limit their permissions and run in 'plan' mode so human approval is required before commits. 6) Review the memory-extraction.ts and other code for unexpected network calls (none are present now) before trusting the skill. If you need higher assurance, ask the publisher for source hosting and a security review or run the skill under monitored, least-privilege conditions.
!
SKILL.md:431
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bhmz7r7fktzde79n6pwfsd584dppk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments