Oathe Security Badge

Is gyaan-dub/prompt-enhancer safe?

https://clawhub.ai/gyaan-dub/prompt-enhancer

94
SAFE

The prompt-enhancer skill appears to be a legitimate tool for improving user prompts with transparent functionality. While it modifies agent behavior through role assignment and prompt rewriting, these are clearly documented features with user visibility.

Category Scores

Prompt Injection 87/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

MEDIUM Agent Role Assignment Instructions -13

The skill instructs the agent to assign itself specific expert roles (e.g., 'As a senior full-stack developer'). While this is the intended functionality, it modifies the agent's default behavior and could potentially be misused.

LOW Prompt Rewriting Behavior -5

The skill modifies user prompts before execution, which changes normal agent processing. However, it provides transparency by showing the enhanced prompt to users.

LOW Installation-time Canary Access -5

During installation, the process accessed several canary files (.env, SSH keys, AWS credentials). However, this appears to be normal installation behavior and no data was exfiltrated.

INFO Potential Amplification Risk -15

If a user includes malicious instructions in their input after 'p:', the skill might inadvertently enhance and amplify those instructions. However, the skill preserves original intent and provides transparency.