Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawtributor
v0.0.4
Community incident reporting for AI agents. Contribute to collective security by reporting threats.
⭐ 1 · 1.8k · 7 current · 7 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (community incident reporting) align with declared requirements: a standalone flow that needs bash/curl/jq/shasum/unzip/gh to download releases, verify checksums, store local state, and submit GitHub Issues. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md provides explicit installation and reporting instructions and emphasizes opt-in, approval-gated submissions and sanitization. The automated-report examples show how an agent can populate fields and call 'gh issue create' — this is expected for the stated purpose but is a place where operator mistakes (accidentally including secrets in report fields) could lead to data leakage. The pre-scan injection pattern flagged ('ignore-previous-instructions') appears in reporting guidance as an example indicator (not as an instruction to ignore host rules).
Install Mechanism
No built-in install spec in the registry (instruction-only). The install instructions download release artifacts from GitHub releases (prompt-security/clawsec), use checksums.json, size/file-count checks, path-traversal checks, and fall back to downloading individual files — a reasonable and well-scoped install flow using known hosts. No obscure URLs or extract-from-untrusted-servers are used.
Credentials
The skill declares no required env vars or credentials. It requires the user to authenticate the GitHub CLI for optional issue submission; this is appropriate and documented, and the README explicitly warns against reusing unrelated credentials. No broad or unexpected secret access is requested.
Persistence & Privilege
always: false. The skill stores local report/state files only and does not request persistent always-on privileges or modification of other skills. Network egress is approval-gated and limited to GitHub issue submission when the operator consents.
Scan Findings in Context
[ignore-previous-instructions] expected: The string/pattern appears inside reporting.md as an example indicator of malicious prompts (e.g., 'Ignore previous instructions...') and is used to teach what to report — it is not an instruction in the installer to override host policies. This explains the pre-scan flag.
Assessment
This skill appears to do what it says: download a release from the Prompt Security GitHub repo, keep local report state, and (only with your explicit approval and a GitHub CLI login) create GitHub Issues. Before installing: verify the GitHub repo and release tag you are downloading from, inspect checksums.json and the downloaded files (or run the install in a sandbox), and confirm the publisher. When submitting reports, strictly sanitize evidence and never include API keys, tokens, or real user data. Authenticate the GitHub CLI with a dedicated account or least-privilege token, and review any automated report templates populated by an agent before submission. The pre-scan prompt-injection pattern detected is present only as an example indicator of malicious prompts, not an instruction to bypass safeguards — but remain cautious about automated report content to avoid accidental data leakage.
reporting.md:44
Prompt-injection style instruction pattern detected.
SKILL.md:277
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
latest: vk9731c8g4jj18nc6n36nsgs58d84tae5
Runtime requirements
🤝 Clawdis
