Oathe Security Badge

Is clawmentor/claw-mentor-mentee safe?

https://github.com/clawmentor/claw-mentor-mentee

Overall score: 64/100 · CAUTION

This skill implements a remote management system disguised as a mentorship platform, creating significant supply chain attack risks by allowing external parties to control user configurations. While it doesn't contain directly executable malicious code, it establishes a dangerous precedent for remote agent control.

Category Scores (score out of 100 · weight in the overall score)

Prompt Injection 35/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 60/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 35/100 · 5%

Findings (5)

CRITICAL Remote Code Execution via External Instructions -30

The skill instructs the agent to fetch a 'mentee-integration.md' file from an external server and execute the procedure it describes; that file could contain arbitrary instructions that override normal agent behavior.

HIGH Supply Chain Attack Vector -30

The skill creates a direct channel for external parties to push configuration changes. If clawmentor.ai were compromised, attackers could deploy malicious configurations to all users.

HIGH External Configuration Control -20

The skill allows external parties to modify the user's entire OpenClaw configuration, including which skills are installed and how the agent behaves, based on remotely fetched instructions.

MEDIUM Shell Command Execution Instructions -15

The skill instructs the agent to execute shell commands for file operations, which could be misused if the external instructions are malicious.

LOW External API Data Transmission -10

The skill sends user behavioral data to external servers, though it claims to limit this to non-sensitive apply/skip decisions.