Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Hardening
v1.1.0
Lock down any LLM agent against prompt injection, data exfiltration, social engineering, and channel-based attacks. Use when setting up a new agent, auditing...
⭐ 0 · 58 · 0 current · 0 all-time
by Don Zurbrick (@zurbrick)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md and reference documents (attack-surface checklist, behavioral rules, MCP/channel hardening, quick tests) match the stated purpose of auditing and hardening LLM agents. The included Python test runner is appropriate for the skill's function. However, the registry metadata declares no required env vars or credentials while the test runner clearly expects an API endpoint, API key, and model name — an inconsistency between claimed requirements and actual needs.
Instruction Scope
Runtime instructions and references stay inside the scope of agent hardening: identifying channels/MCPs, adding behavioral rules, and running the quick security tests. The quick-test prompts intentionally contain injection phrases and 'instructions-as-data' examples (e.g. 'Ignore all previous instructions') because the tests exercise prompt-injection behavior. There are no instructions to exfiltrate data or to read arbitrary host files automatically; the test runner sends crafted prompts to a target agent endpoint (expected for this skill).
Install Mechanism
This is an instruction-only skill with a local Python test script and no install spec — minimal disk footprint and low install risk. The script is included in the repo rather than fetched from an external URL (good).
Credentials
The skill metadata lists no required environment variables or primary credential, but tools/run-security-tests.py and SKILL.md expect an agent endpoint, an API key (AGENT_TEST_API_KEY / --api-key), and a model string (AGENT_TEST_MODEL). That omission is a material mismatch: to run tests you will need to provide secrets (API key) and endpoint access. The user should not supply production credentials until they audit the script. The references also suggest checking .env and OpenClaw config as part of the audit, which is reasonable, but the package does not declare that it will read any config paths automatically.
Persistence & Privilege
Flags show always:false and user-invocable:true (normal). The skill does not request permanent presence, system-level changes, or configuration access to other skills. There is no install-time behavior that modifies other skills or agent settings in the provided materials.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] expected: The SKILL.md and quick-test prompts intentionally include injection phrases like 'Ignore all previous instructions' because the skill tests and documents prompt-injection scenarios. The presence of that pattern is expected for this hardening/audit skill and doesn't by itself indicate malicious intent, though the pattern can be used to try to influence evaluators.
What to consider before installing
What to check before you install or run this skill:
- Do not run the included test runner with production credentials. The script expects an API endpoint and API key (e.g., AGENT_TEST_ENDPOINT, AGENT_TEST_API_KEY, AGENT_TEST_MODEL) even though the registry metadata doesn't declare them — supply a dedicated test key or sandbox endpoint.
- Audit the Python script before executing: the included file appears to contain syntax errors and truncated sections (e.g., 'refrom datetime', truncated prints and JSON handling). Fix or review the script to ensure it behaves as expected.
- Run tests in an isolated environment or staging agent to avoid accidental data exfiltration; the runner will send prompts that attempt to induce credential disclosure or outbound HTTP calls to exercise the agent.
- Verify there are no hidden remote URLs or unexpected network targets in the code. Although this package doesn't download code at install, the test runner will call whatever endpoint you provide, so double-check the endpoint is yours/trusted.
- Update metadata or ask the author to declare required env vars/credentials explicitly so the permission surface is transparent (the skill should list AGENT_TEST_API_KEY / AGENT_TEST_ENDPOINT / AGENT_TEST_MODEL if those are required).
- If you lack the ability to audit the script, consider not running it and instead manually perform the quick-tests from quick-test.md against your agent using safe procedures.
Reason for 'suspicious': metadata omission (undeclared required credentials) + a buggy/incomplete test script reduce trust until you inspect and fix the code. The content otherwise aligns with the declared purpose.
references/behavioral-rules.md:21
Prompt-injection style instruction pattern detected.
references/quick-test.md:9
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers: review code before you run it.