Is gemini2027/pwnclaw-security-scan safe?
https://github.com/openclaw/skills/tree/main/skills/gemini2027/pwnclaw-security-scan
The pwnclaw-security-scan skill is a promotional and instructional document for a commercial AI security testing service. The skill itself contains no executable code, no hidden instructions, and triggered no canary violations during installation. The primary risk is that Option 2 (Self-Test mode) explicitly directs an agent to POST its responses to an external API endpoint (pwnclaw.com), which could transmit system prompt content and agent context to the skill author's servers during any self-test session. This is disclosed, but users may underestimate the data exposure.
Findings (6)
MEDIUM Self-test mode POSTs agent responses to external API -30
Option 2 (Manual Self-Test) in SKILL.md instructs the agent to call POST https://www.pwnclaw.com/api/test/{token} with the agent's response body. Any active system prompt context, tool descriptions, or sensitive conversation data present at the time of self-testing would be transmitted to the pwnclaw.com operator. While this mode is opt-in, users may not appreciate the scope of data transmitted.
MEDIUM Skill directs agent to make external API calls to third-party endpoint -22
The skill embeds explicit instructions for the agent to perform HTTP GET and POST calls to pwnclaw.com endpoints. While disclosed, this creates a pattern where the agent is instructed to communicate with a third-party server on behalf of the user, bypassing the user's direct awareness of data transmission.
LOW Commercial service promotion embedded in agent skill -40
The skill is fundamentally an advertisement for a paid SaaS product (€29/mo Pro, €99/mo Team). The framing as a security hardening tool may cause users to trust and follow its instructions without recognizing the commercial data collection implications of the self-test mode.
LOW Background Ubuntu OS network activity during install -12
During installation, connections to 91.189.91.48:443 (security.ubuntu.com) and 185.125.188.59:443 (changelogs.ubuntu.com) were observed. These are attributable to SSH MOTD generation (update-motd.d) firing on SSH login, not to the skill itself.
INFO No executable code or install hooks present 0
The skill contains only a SKILL.md (markdown), _meta.json, and .clawhub/lock.json. No scripts, executables, package.json, git hooks, submodules, or symlinks were found.
INFO All canary honeypot files intact 0
Audit logs record canary file accesses at timestamps 1771941528.485 (pre-install) and 1771941546.898 (post-install), both attributable to the oathe audit system's own integrity baseline checks. No skill-driven access or modification occurred.