Is hitchhikers-guide safe?
https://clawhub.ai/hallwayskiing/hitchhikers-guide
This is a text adventure game skill based on The Hitchhiker's Guide to the Galaxy. It is fundamentally benign in intent with no data exfiltration, no malicious payloads, and clean canary integrity. However, it introduces moderate risk through its pattern of instructing the agent to execute shell commands with user-supplied string arguments, its persona override behavior, and its autonomous file-writing instructions. The Python script itself is well-contained to the skill directory.
Findings (7)
MEDIUM Shell command execution with user-supplied string arguments -30
The skill instructs the agent to run Python commands like python scripts/game_manager.py add_item "<item name>" where the item name comes from user input or game logic. While game_manager.py itself uses sys.argv safely, the agent must construct these shell command strings, creating a potential command injection vector if quoting is improperly handled by the agent.
MEDIUM Agent persona override to antagonistic Game Master -20
SKILL.md explicitly instructs the agent to transform into a Game Master persona and 'be slightly antagonistic but fair'. This persona override changes the agent's default behavior and could leak into non-game interactions if context boundaries are not enforced.
LOW Assumed user intent without confirmation -8
The skill instructs the agent to 'always assume the user wants to continue the game and never reset it', overriding the agent's default behavior of asking for clarification. This bypasses user consent for game state persistence.
LOW Autonomous file writing without explicit approval -10
The skill instructs the agent to automatically save guide entries to assets/GUIDE.md when new entities appear, without requiring user confirmation. This normalizes unsolicited file writes.
LOW Uninitialized variable in set_flag command -5
In game_manager.py's set_flag handler, if the value string doesn't match any of the true/false literals, the variable 'val' is never assigned but is still referenced on the next line, which would cause an UnboundLocalError at runtime. This is a bug, not a security issue, but indicates code quality concerns.
INFO Python script confined to skill directory 0
game_manager.py uses os.path.dirname(os.path.abspath(__file__)) to anchor all file operations relative to the skill directory. The save file is stored in assets/hitchhikers_save.json within the skill folder. No path traversal or external file access is attempted.
INFO Single external HTTPS connection during install -10
Network monitoring captured a TLS connection to 216.150.1.1:443 during the install phase. This is consistent with the ClawHub registry fetch and does not indicate malicious behavior.