Is coder-workspaces safe?
https://clawhub.ai/DevelopmentCats/coder-workspaces
This skill is essentially empty — it contains only a .clawhub/lock.json metadata file with no SKILL.md, no source code, and no functional content. While it poses no immediate active threat (no code execution, no data exfiltration, no prompt injection), two concerns warrant caution: the skill name 'coder-workspaces' does not match its lock.json dependency 'academic-research-hub' (suggesting name-squatting or supply-chain confusion), and empty skills can serve as trojan placeholders for future malicious updates.
Findings (4)
MEDIUM Empty skill with no functional content -40
The skill contains only a .clawhub/lock.json file with no SKILL.md, no source code, no package.json, and no documentation. It provides zero functionality to the user. Empty skills can serve as placeholders for future malicious payload delivery through updates.
MEDIUM Skill name mismatch with lock.json dependency -40
The skill is installed as 'coder-workspaces' but the lock.json references a dependency called 'academic-research-hub'. This name mismatch is suspicious and could indicate name-squatting, supply-chain confusion, or a skill that has been repurposed without updating its metadata.
LOW No SKILL.md present — no agent instructions defined -15
The skill provides no SKILL.md file, meaning it injects no instructions into the agent's prompt. While this eliminates direct prompt injection risk, it also means the skill has no declared purpose or functionality, which is anomalous for a legitimate skill.
INFO Standard system file access during clone -25
Filesystem monitoring detected reads of /etc/passwd, /etc/group, /etc/ld.so.cache, modprobe.d configs, and udev rules. These are all standard read-only accesses consistent with normal Linux process initialization and git clone operations. No writes detected outside the skill directory.