Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Audit Skills Security
v0.1.0Use when installing new skills, reviewing third-party skills, or verifying skill safety before use. Triggers on any new .md skill file appearing in skill dir...
⭐ 0· 68·0 current·0 all-time
byyhy@yhy0
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description match the instructions: the skill is an instruction-only auditor that scans local skill files using glob/grep/read and produces a structured report. It requests no env vars, binaries, or installs — all proportional to an auditing utility.
Instruction Scope
The SKILL.md directs the agent to discover files (via glob) and to read their contents and grep them for sensitive patterns (env files, .ssh, API keys, network calls, etc.). This breadth is expected for a security auditor, but it means the skill will examine any path the user supplies — including sensitive locations — so users should avoid pointing it at full-system roots or private directories unless intended. The SKILL.md also contains an explicit high-priority 'Isolation Protocol' that instructs the auditor to treat any read content as the audited object, not as live instructions; that intentionally includes prompt-injection indicators and explains how to handle them.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes risk because nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials. Its designed scanning patterns look for evidence of secrets in audited files (e.g., .env, .ssh), which is appropriate for an auditor but does not mean the skill requests credentials from the platform or user.
Persistence & Privilege
always is false and the skill does not request persistent system-level presence or modify other skills. Autonomous invocation is allowed by default but is not combined with elevated privileges or credential access here.
Scan Findings in Context
[ignore-previous-instructions] expected: The string is present in SKILL.md's list of prompt-injection indicators and is intentionally included so the auditor marks such patterns as malicious. The scanner flagged it because it's a common injection pattern; here it is part of the detection rules.
[you-are-now] expected: Same as above: this pattern appears in the document explicitly as an indicator of role-redefinition prompt injection and is expected for this skill's purpose.
Assessment
This skill appears coherent and designed to audit local skill files. Before running it, only point it at directories you intend to audit — it will look for secrets and config files (e.g., .env, .ssh, .aws) and will read files you supply. The SKILL.md includes an anti-injection protocol (it will flag phrases like 'ignore previous instructions') — the scanner's hits are expected. If you want extra safety, run the audit in an isolated environment or on a copied subset of files rather than against your entire home directory. If the skill were to request network access, environment credentials, or an install script, that would change the assessment; none of those are present now.SKILL.md:21
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk97f6sfmwqefb41z4p1acg2s2h838drj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.