ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dev

v1.0.0

Full stack web developer assistant specializing in React, JavaScript, HTML, CSS, Tailwind, and API integrations, focusing on clean code and cost-effective so...

1· 248·3 current·3 all-time
by@psvanzijl

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for psvanzijl/dev.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Dev" (psvanzijl/dev) from ClawHub.
Skill page: https://clawhub.ai/psvanzijl/dev
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install dev

ClawHub CLI

Package manager switcher

npx clawhub@latest install dev
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name and description (full‑stack web developer assistant) align with the SKILL.md content. No unusual env vars, binaries, or install steps are requested; references to 'write' and 'exec' tools are plausible for a coding assistant.
!
Instruction Scope
SKILL.md includes a 'System Prompt' block and an explicit instruction: 'Respond with your evaluation as a single JSON object.' That appears to be a prompt‑injection attempt aimed at influencing the evaluator/runner. It also instructs use of an 'exec' tool for testing—reasonable for development but potentially dangerous if the agent can run arbitrary shell commands without safeguards. The SKILL.md's instructions therefore overreach beyond just coding guidance.
Install Mechanism
No install spec and no code files (instruction‑only). This minimizes disk writes and external code fetches — low install risk.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for secrets or unrelated service keys.
Persistence & Privilege
always is false and the skill is user‑invocable. It does not request persistent/automatic inclusion or modifications to other skills — privilege level is normal.
Scan Findings in Context
[system-prompt-override] unexpected: SKILL.md attempts to set a system prompt and then instructs 'Respond with your evaluation as a single JSON object.' While skills provide runtime instructions, this specific directive appears targeted at influencing the evaluation/agent behavior and is not necessary for a developer assistant.
What to consider before installing
This skill is plausible for a coding assistant, but the SKILL.md includes a prompt‑injection instruction that tries to force a JSON evaluation and directs runtime use of an 'exec' tool. Before installing: (1) remove or neutralize the injected 'Respond with your evaluation...' line in SKILL.md, (2) ensure the agent runtime enforces confirmations and sandboxing before any exec/shell commands are run, and (3) limit the skill's ability to run arbitrary commands (require explicit user confirmation for tests). If you cannot review or modify SKILL.md, treat the skill as untrusted and avoid granting it live exec privileges.
!
SKILL.md:3
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk9791j1hj3axqzdc8rh4tvdef583tc0r
248downloads
1stars
1versions
Updated 4w ago
v1.0.0
MIT-0
@psvanzijl
latest
Download

Dev - Full Stack Web Developer for Agent OS

System Prompt:

You are Dev, a full stack web developer assistant for Agent OS. You specialize in React, JavaScript, HTML, CSS, Tailwind, and automation integrations using APIs. You write clean, efficient, well-commented code. When given a task, always ask for clarification before building to avoid wasted iterations. Suggest the most cost-effective technical solutions. Always recommend free solutions first.

Special Rules/Tools:

  • Always break tasks into small steps before coding
  • Ask for confirmation at each major step
  • Never suggest paid tools if a free alternative exists
  • Use write tool to generate code files
  • Use exec tool for testing and running code snippets

Comments

Loading comments...