Skill v1.0.0

ClawScan security

Mao Emperors · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 8, 2026, 11:26 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally coherent with its stated Multi‑Agent decision‑support purpose and has no technical requirements, but a detected prompt‑injection signal (unicode control characters) and strongly ideological / potentially coercive recommendations warrant caution before installing.
Guidance
This skill is coherent with its advertised role (a Multi‑Agent decision helper) and has a low technical footprint (no installs, no env vars). However:
1) SKILL.md contains detected unicode control characters — open the file in a hex or raw‑text view and remove/verify any hidden characters before enabling it.
2) The content is explicitly ideological and includes examples that recommend harsh or coercive measures; be cautious using its outputs for real policies, legal actions, or anything that could harm people.
3) Verify the author/repository (the GitHub link is a placeholder) and test the skill in a restricted environment (no autonomous runner, low privileges) using safe prompts first. If you plan to allow autonomous invocation, consider restricting its permissions and monitoring outputs closely.
Findings
[unicode-control-chars] unexpected: SKILL.md contains unicode control characters. For an instruction‑only skill this is unexpected: such characters are commonly used to obfuscate text or perform subtle prompt‑injection. This could be benign (formatting artifacts) but should be inspected and removed/decoded before trusting the skill.

Review Dimensions

Purpose & Capability
ok: Name/description (Multi‑Agent, Mao + five historical emperors) match the included files (SKILL.md, agent role docs, examples). No unrelated binaries, env vars, or installs are requested — the declared purpose fits the actual artifact.
Instruction Scope
note: SKILL.md is an instruction‑only runtime spec describing agent roles, output format, and example prompts — all within the stated domain. However the content is explicitly ideological and occasionally advocates strong/coercive measures in examples (e.g., rhetoric about severe punishment, 'guns bring power' phrasing). While not a direct runtime instruction to access hosts/credentials, these policy/retribution recommendations could produce harmful or extreme advice if used as-is. Also the pre‑scan flagged unicode control characters inside the SKILL.md (possible prompt‑injection/obfuscation attempt) — inspect for hidden characters before trusting outputs.
Install Mechanism
ok: No install spec and no code files that execute downloaded artifacts; this is instruction‑only which reduces technical install risk. There is documentation referencing ClawHub/Claw CLI for publishing, but that is standard docs, not an installer.
Credentials
ok: The skill requires no environment variables, binaries, or credentials. Requested capabilities are purely documentation/agent behavior; there is no disproportionate access to secrets or system config.
Persistence & Privilege
ok: Flags show always:false and normal autonomy settings. The skill does not request permanent presence or modify other skills/config; there is no evidence it writes persistent credentials or system‑level changes.