Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Red Team

v0.1.0

Proactively scan AI agents for vulnerabilities including prompt injection, secret extraction, and tool abuse by running targeted security audits.

by Yao Li (@yao23)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The SKILL.md and metadata claim full red-team capabilities (prompt injection detection, secret extraction, tool abuse). The bundled main.py does not implement those features: the 'scan' subcommand only prints 'Found 0 issues', and the repo-scanning behavior delegates to an external module (agent_redteam.repo_scanner) that is not included. The advertised capabilities are not implemented in the provided files.
Instruction Scope
Runtime instructions tell users to run '@redteam scan <agent-id>' to start a security scan, but the implementation does not perform any agent scanning. main.py modifies sys.path to import agent_redteam from two levels up, which means the skill expects to load code from the host environment — a scope expansion not documented in SKILL.md. That external import could access unrelated code or data.
Install Mechanism
No install spec is present (instruction-only plus a single Python script). Nothing is written to disk by an installer, which lowers supply-chain risk. However, the lack of a packaged dependency for agent_redteam means functionality is incomplete or relies on out-of-band components.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for a scanner. However, the code's sys.path manipulation to import agent_redteam from parent directories effectively asks to load code from the agent host filesystem; that can provide access to other modules or files and should be justified. No explicit credentials are requested but host code access increases risk.
Persistence & Privilege
The skill does not request always:true, does not claim persistent presence, and does not modify agent config in the provided files. Autonomous invocation is allowed by default but is not combined with other privilege-escalating flags.
What to consider before installing
This skill currently appears incomplete and inconsistent with its description. Before installing or running it:
1) Ask the publisher for the missing agent_redteam package or the full source for repo_scanner and review it for network calls and credential access.
2) Do not run the skill against production or sensitive agents — run it in an isolated sandbox first.
3) Be wary of the code altering sys.path to import from parent directories (this can cause the skill to execute unrelated host code).
4) Require documentation or a homepage and verify the owner identity; if those cannot be provided, treat the skill as untrusted and avoid giving it access to any secrets or production agents.


latest · vk979adhrph6fysc9gx6343gv31841bja
