Audit Skills Security

Security checks across malware telemetry and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions, you-are-now); human review is required before treating this skill as clean.

This skill appears safe to use for reviewing other skills. Run it only on the specific files or directories you intend to audit, and redact any reported secrets before sharing the results. ClawScan detected prompt-injection indicators (ignore-previous-instructions, you-are-now), so this skill requires review even though the model response was benign.

VirusTotal

2/65 vendors flagged this skill as malicious, and 63/65 flagged it as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI01: Agent Goal Hijack
Low
What this means

The skill intentionally handles untrusted skill text that may contain prompt-injection attempts.

Why it was flagged

These prompt-injection strings triggered the static scanner, but in context they are explicitly examples of malicious text the audit should detect in reviewed files.

Skill content
"忽略之前的指令"、"Ignore all previous instructions" ... "你现在是..."、"You are now..."
Recommendation

Use it for its intended audit workflow and keep treating reviewed file contents as untrusted evidence, not instructions.

ASI02: Tool Misuse and Exploitation
Low
What this means

If pointed at a large or sensitive directory, the agent may read and summarize more local content than intended.

Why it was flagged

The skill can recursively inspect many local files under a user-provided directory. This is purpose-aligned for auditing skills, but broad paths could include unrelated private files.

Skill content
If it is a directory: use the Glob tool to discover all relevant files ... Scan patterns: `**/*.md`, `**/*.sh`, `**/*.py`, `**/*.js`, `**/*.ts`, `**/*.yaml`, `**/*.yml`, `**/*.json`, `**/*.toml`
Recommendation

Only run the audit on the specific skill directory or files you want reviewed.

ASI03: Identity and Privilege Abuse
Low
What this means

Secret-looking values in the audited files may appear in the chat/report.

Why it was flagged

The skill searches for credential-like strings and records matching content. This is expected for a security audit, but it could expose secrets in the generated report if they exist in scanned files.

Skill content
API_KEY|API_SECRET|APIKEY ... ACCESS_TOKEN|AUTH_TOKEN ... PASSWORD|PASSWD|passwd ... Record all match results (file name, line number, matched content)
Recommendation

Avoid sharing audit reports publicly without redacting any keys, tokens, passwords, or private paths.