Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ict
v4.0.8Security audit tool for Claw Skills - NOT malicious. This tool contains detection rules (eval, exec, subprocess, etc.) for scanning skills, these are securit...
⭐ 0· 83·0 current·0 all-time
byvv@vimvem
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (security auditor) aligns with included Python modules (AST analyzer, dependency scanner, rule loader, false-positive filter, incremental scanner, rules.json). Required binaries (python3) and no env/credentials are proportionate to an on-disk auditor.
Instruction Scope
SKILL.md and the CLI/API instruct the agent to read and scan skill folders (including SKILL.md, code files, dependency manifests). That broad file access is expected for an auditor, but means the skill will enumerate and read arbitrary files under the target skill(s). The SKILL.md and code also include detection rules for prompt-injection patterns (e.g., 'ignore previous instructions') — this is detection content, not an instruction to the agent to ignore earlier directives.
Install Mechanism
No external install script or remote archive is used. Code is Python files included in the package; no package downloads or URL-based extracts appear in the manifest. The tool does perform an optional update check (network call to api.clawhub.ai) at runtime.
Credentials
The skill requests no environment variables or external credentials. It does read filesystem paths (skill directories, ~/.openclaw workspace) and may run git subprocesses; these are coherent with an auditing tool. No unrelated secrets or cloud credentials are requested.
Persistence & Privilege
always:false (normal). The code writes logs and trend/cache files under the user's ~/.openclaw workspace (e.g., ~/.openclaw/workspace/ict_audit.log, ict_trends.json, .ict_cache). That is expected for local tooling but creates persistent artifacts in the user's home directory. The skill may invoke subprocesses (git) and make an outbound update check.
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL.md and rules.json include prompt-injection detection patterns (e.g., 'ignore.*previous instructions'). This is appropriate for a security auditor and likely explains the pre-scan prompt-injection signal.
Assessment
This package appears to be a legitimate static auditor for Claw Skills. Before installing, consider: (1) it will read and analyze any skill folder you point it at (source code, docs, dependency files), so don't run it against private data you don't want processed; (2) it creates files under ~/.openclaw (logs, trends, cache); (3) it runs git subprocesses when using incremental scanning and performs an outbound update check to api.clawhub.ai — if you need fully offline operation, inspect/disable the update check and network calls in ict.py; (4) the presence of prompt-injection detection strings is expected for this tool and not an active instruction to ignore safety rules. If you have strict least-privilege or network constraints, run it in a constrained environment (sandbox or with network blocked) and review the included rules.json/custom_rules before use.ast_analyzer.py:291
Dynamic code execution detected.
SKILL.md:94
Prompt-injection style instruction pattern detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
auditvk97dpfp6rpb20k17r8pd3e8s9n83g6yjdevtoolsvk97dpfp6rpb20k17r8pd3e8s9n83g6yjlatestvk97dpfp6rpb20k17r8pd3e8s9n83g6yjsecurityvk97dpfp6rpb20k17r8pd3e8s9n83g6yj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython3