Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wurd

v1.0.0

Compile markdown documents with plugin tags into editorial-quality HTML pages using Wurd. USE FOR: creating documents, adding plugins, configuring layout, wr...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description (compile markdown with plugin tags into HTML) align with the instructions: they show how to run the CLI, describe frontmatter, plugin syntax, built-in plugins, and how to author plugins. References to LLM-powered plugins (graph, table) are consistent with the documented need for an LLM API key; there are no unrelated credential or binary requirements declared in the registry metadata.
Instruction Scope
Instructions stay on-topic (how to compile, plugin templates, LLM setup). Two things to note: (1) the skill tells the user to create a .env containing an LLM API key and to use external plugin directories via --plugins; loading external plugins and running the CLI will cause user-supplied plugin code to be compiled/executed locally, which can run arbitrary code if the plugin is untrusted, and (2) LLM responses are cached to disk (.cache/llm/), which may store prompt/response contents.
Install Mechanism
This is instruction-only (no install spec or code files), so the skill itself writes nothing to disk. The runtime commands use npx/tsx to run the project's TypeScript CLI; that will fetch/run code from npm if the tool is not already present, which is expected for this workflow but means invoking the CLI executes repo code on the host.
Credentials
Registry metadata lists no required env vars, and SKILL.md documents an optional LLM configuration (.env with LLM_API_KEY, LLM_BASE_URL, LLM_MODEL) used only for LLM-powered plugins. Requesting an LLM API key is proportional to the LLM plugin features; however, storing keys in .env and enabling plugins that call external LLMs or cache responses on disk increases the risk of secret exposure if the environment or disk is shared.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. It does not modify other skills or global agent settings. Autonomous invocation remains possible (platform default) but is not an additional special privilege in this manifest.
Scan Findings in Context
[system-prompt-override] expected: The scanner flagged a 'system-prompt-override' pattern, but the SKILL.md includes an LLM plugin template field named 'systemPrompt' (used to instruct the LLM for plugin behavior). In this context the appearance is expected as part of the plugin template rather than an attempt to hijack the evaluator. Still surface and review any use of systemPrompt fields before enabling untrusted plugins.
Assessment
This skill appears to do what it says, but take care before running the commands or enabling plugins:
1) The documented workflow runs the project's TypeScript CLI (npx tsx src/cli.ts), which will execute code from the project and any plugins you point it at — only run it in a trusted repository and avoid untrusted plugin directories.
2) If you enable LLM plugins you will need to supply an LLM API key (sensitive). Prefer scoped or expendable keys and avoid sharing them; be aware prompts/responses are cached to .cache/llm/.
3) Treat external plugins as code execution: review plugin source before using --plugins <dir>.
4) The regex alert about 'system-prompt-override' is likely a false-positive from the plugin template's systemPrompt field, but you should still inspect any plugin that sets systemPrompt or other LLM instructions.
If you want a lower-risk usage, stick to the deterministic (non-LLM) plugins and avoid loading external plugins.
SKILL.md:152
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.
