Oathe Security Badge

Is 2263648274/qwen-auto-register safe?

https://clawhub.ai/2263648274/qwen-auto-register

68 · CAUTION

This skill poses significant security risks by downloading and executing arbitrary code from an external GitHub repository while handling authentication credentials. The combination of untrusted code execution and credential manipulation creates a high-risk attack vector for account compromise or credential theft.

Category Scores

Prompt Injection 80/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 30/100 · 20%
Clone Behavior 80/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 30/100 · 5%

Findings (5)

CRITICAL Executes arbitrary code from external GitHub repository -70

The skill downloads and executes code from github.com/2263648274/qwen-auto-register.git without verification. This creates a supply chain attack vector where malicious code could be executed on the user's system.

HIGH Manipulates authentication credentials -25

The skill modifies authentication files and explicitly overwrites existing tokens, potentially causing users to lose access to their accounts or services.

HIGH Dangerous combination of credential handling and untrusted code execution -70

The skill combines authentication credential manipulation with execution of untrusted external code, creating a perfect vector for credential theft or account compromise.

MEDIUM Downloads external browser binaries 0

The skill instructs users to download and install Playwright browser binaries, which could be compromised or contain vulnerabilities.

MEDIUM Relies on external dependencies -20

The skill requires installation of external packages that could be compromised or contain malicious code.