Oathe Security Badge

Is 505768069-rgb/adaptive-skill-factory safe?

https://clawhub.ai/505768069-rgb/adaptive-skill-factory

86 · SAFE

This skill provides legitimate functionality for managing and installing other skills from ClawHub. While it accessed sensitive credential files (triggering security honeypots), no actual data exfiltration occurred. The skill's ability to install other skills presents some risk but is used within appropriate guardrails.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

MEDIUM Sensitive File Access Detected -25

The skill accessed multiple sensitive credential files including SSH keys, AWS credentials, Docker config, and other authentication files during execution. While no actual data exfiltration occurred, this behavior indicates the skill or its dependencies are scanning the filesystem for sensitive data.

LOW Potential for Malicious Skill Installation -20

The skill's primary function is to help agents install other skills from ClawHub. While the skill itself appears benign and encourages installing 'the smallest relevant skill', it could potentially be manipulated to install malicious skills.

INFO Legitimate ClawHub API Communications 0

The skill makes appropriate API calls to ClawHub servers for skill discovery and management functions. Network traffic patterns are consistent with legitimate skill management operations.