Superpowers Mode

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only coding workflow mode that stores a small on/off state and shows no credential, network, code execution, or destructive behavior.

This appears safe to install if you want an on-demand stricter coding workflow. Be aware that enabling it persists across future coding tasks until disabled.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning

Info

What this means

Future coding tasks may follow the stricter workflow until the user disables it, but the artifact only shows storage of a small mode flag.

Why it was flagged

The skill uses persistent memory to remember whether the workflow mode is enabled, which affects future coding-task behavior until changed.

Skill content

Track mode in:

`memory/superpowers-mode.md`

Format:

```md
enabled: true|false
updatedAt: <ISO>
notes: <optional>
```

Recommendation

Use the provided status/disable commands when needed, and avoid putting sensitive information into the optional notes field.