Is clean-code safe?

https://clawhub.ai/gabrielsubtil/clean-code

Overall score: 82 (verdict: SAFE)

This skill is a coding style guide with legitimate clean code principles. Its primary risk is a 'Verification Scripts' section that instructs agents to execute Python scripts from paths not included in this skill, creating a potential trojan vector if companion skills place malicious code at those paths. The CRITICAL priority designation and behavioral overrides (don't explain, just fix) are mild prompt injection concerns. No executable code, network activity, or canary file access was detected.

Category Scores

| Category | Score | Weight |
|---|---|---|
| Prompt Injection | 72/100 | 30% |
| Data Exfiltration | 95/100 | 25% |
| Code Execution | 85/100 | 20% |
| Clone Behavior | 100/100 | 10% |
| Canary Integrity | 100/100 | 10% |
| Behavioral Reasoning | 75/100 | 5% |

Findings (6)

[MEDIUM] Verification script execution instructions reference non-existent paths (-15)

The SKILL.md contains a 'Verification Scripts (MANDATORY)' section that instructs agents to execute 14 different Python scripts from .agent/skills/*/scripts/ paths. These scripts are not included in this skill, but the instruction normalizes executing arbitrary Python from these paths. If a user's project contains malicious files at these paths (or another skill installs them), the agent would execute them as instructed by this skill.

[MEDIUM] Priority escalation via CRITICAL designation (-8)

The skill declares 'priority: CRITICAL' in frontmatter and reinforces this with 'CRITICAL SKILL' in the body. This attempts to ensure the skill's instructions take precedence over other skills or user preferences, which is a form of prompt injection through priority manipulation.

[LOW] Behavioral override suppresses agent explanations (-5)

The 'AI Coding Style' section instructs the agent to 'Fix it, don't explain' for bugs and 'Write it directly' for features, overriding the agent's default behavior of explaining changes. This could suppress useful security warnings or change explanations.

[LOW] Script execution pattern creates trojan surface (-15)

While no executable code is bundled, the mandatory script execution pattern creates an attack surface for trojan-style attacks: a companion skill could place malicious Python scripts at the referenced paths, and this skill's instructions would cause the agent to run them.

[INFO] Filesystem monitoring shows host agent reading sensitive files (-5)

The filesystem monitoring shows the host agent runtime (not this skill) reading .env, .aws/credentials, and other config files during bootstrap. This is expected OpenClaw agent behavior, not caused by the skill.

[INFO] Skill could amplify risks from companion skills (-25)

The coding style instructions, combined with the verification script execution pattern, mean this skill is mostly benign on its own but could amplify risk when installed alongside malicious companion skills that place code at the expected script paths.