v1.0.0

Prompt injection detection skill

ClawScan verdict for this skill: Benign. Analyzed May 1, 2026, 5:17 AM.

Analysis

This is a coherent moderation helper, but it sends checked text to HuggingFace and optionally OpenAI and requires users to configure tokens and dependencies carefully.

Guidance: Before installing, make sure you are comfortable sending moderated text to HuggingFace and optionally OpenAI, configure the required tools and tokens, and ensure your agent treats API errors or missing-token results as an unavailable check rather than a safe verdict.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
metadata
Required binaries (all must exist): none ... Required env vars: none ... No install spec — this is an instruction-only skill.

The registry metadata under-declares setup requirements because the included helper script uses bash, curl, python3, HF_TOKEN, and optionally OPENAI_API_KEY. The SKILL.md does disclose the token setup, so this is a setup clarity issue rather than hidden behavior.

User impact: The skill may not work as expected unless the local tools and environment variables are available.
Recommendation: Verify bash, curl, python3, HF_TOKEN, and any optional OpenAI key are configured before relying on the skill.

Human-Agent Trust Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/moderate.sh
RESULT="$RESULT,\"injection\":{\"flagged\":false,\"score\":0,\"error\":\"HF_TOKEN not set\"}"

If the required HuggingFace token is missing, the script reports an error but still leaves the overall flagged value false. A consumer that checks only the top-level flag could mistake an unavailable check for a safe result.

User impact: A deployment could get false reassurance if it ignores the error fields.
Recommendation: Treat any API error or missing-token result as an unavailable safety check, not as proof the content is safe; consider fail-closed handling in production.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
export HF_TOKEN="hf_..."           # Required ... export OPENAI_API_KEY="sk-..."     # Optional

The skill asks for provider API credentials. This is expected for HuggingFace/OpenAI moderation calls and the artifacts do not show hardcoded keys, logging, or unrelated credential use.

User impact: Your API keys authorize calls to those providers when the moderation script runs.
Recommendation: Use scoped or dedicated tokens where possible, keep them out of shared logs, and rotate them if exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
scripts/moderate.sh
https://router.huggingface.co/hf-inference/models/$MODEL ... -d "{\"inputs\": $json_text}" ... https://api.openai.com/v1/moderations ... -d "{\"model\":\"omni-moderation-latest\",\"input\":$json_text}"

The script sends the supplied input or output text to HuggingFace and, when configured, OpenAI for classification. This is disclosed and purpose-aligned, but it is still an external data flow.

User impact: Messages or draft responses checked by the tool may be processed by third-party providers.
Recommendation: Only use it on content you are comfortable sending to those services, and review the providers' retention and privacy terms for your deployment.