Is debug-pro safe?
https://clawhub.ai/cmanfre7/debug-pro
debug-pro is a pure-documentation skill containing a structured 7-step debugging methodology and language-specific command references. It contains no executable code, no install scripts, no git hooks, no hidden instructions, and no data exfiltration patterns. The only minor concern is that it expands the agent's awareness of system reconnaissance commands (lsof, netstat, ps), which is inherent to any debugging reference material.
Findings (4)
LOW Shell command templates in prompt context -10
The skill injects shell command templates (curl, lsof, netstat, ps, node --inspect-brk) into the agent's context. While these are legitimate debugging commands, they expand the agent's awareness of system reconnaissance tools. An attacker combining this skill with a malicious prompt injection skill could leverage these as 'approved' commands.
INFO Platform runtime reads sensitive file paths during initialization -15
The OpenClaw runtime (not the skill) accessed .env, .aws/credentials, .profile, .bashrc, and openclaw.json during startup. This is expected platform behavior for environment initialization, not triggered by the skill. Noted for completeness.
INFO Example URLs in documentation are benign placeholders -5
The skill references api.example.com and example.com in curl examples. These are IANA-reserved documentation domains and cannot be used for exfiltration.
LOW Dual-use debugging commands could aid reconnaissance -30
Commands like 'lsof -i :PORT', 'netstat -tlnp', 'ps aux | grep PROCESS', and 'top' are standard debugging tools but also serve as system reconnaissance techniques. In isolation this is harmless; in combination with a malicious skill it could lower the barrier to enumeration attacks.