Is claude-optimised safe?

https://clawhub.ai/hexnickk/claude-optimised

Score: 89 (SAFE)

This is a benign documentation skill that provides guidance on writing effective CLAUDE.md files for Claude Code. It contains no executable code, no external references, no data exfiltration vectors, and no prompt injection attempts. The only notable aspect is that it operates in the meta-domain of agent instruction authoring, which warrants minor caution. All monitoring signals (network, filesystem, canaries) are clean.

Category Scores

Prompt Injection 82/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 78/100 · 5%

Findings (6)

LOW Meta-instruction domain: skill advises on agent instruction files -8

The skill's purpose is to guide users in writing CLAUDE.md files, which directly control Claude Code's behavior. While the advice is legitimate and benign, this domain inherently operates on the agent's instruction surface. The skill recommends patterns like 'IMPORTANT/YOU MUST' emphasis markers and aggressive pruning strategies. A malicious version of this type of skill could subtly guide users toward weakening their security instructions.

INFO Aggressive pruning advice could theoretically reduce security rules -10

The skill strongly advocates deleting CLAUDE.md content that Claude 'already does correctly' and keeping files under 50 lines. While this is genuinely good advice for clarity, an unintended consequence could be users removing security-related instructions they believe Claude handles by default, when in fact explicit reminders improve compliance.

INFO Platform reads sensitive files during startup (not skill-caused) -10

The filesystem monitoring shows ACCESS events on /home/oc-exec/.aws/credentials and /home/oc-exec/.env during installation. Analysis of the event sequence shows these are part of the openclaw platform initialization (interleaved with openclaw.json, auth-profiles.json, .profile, .bashrc reads), not triggered by the skill itself. The skill contains no executable code that could cause these reads.

LOW No exfiltration vectors detected -5

The skill contains no mechanisms for data exfiltration. No external URLs, no code execution paths, no encoding schemes. The content is purely textual guidance.

INFO No executable components -5

The skill is a pure markdown documentation file with no executable code, no package dependencies, no git hooks, no symlinks, and no submodules.

INFO Benign guidance skill with security-positive examples -22

The skill's example CLAUDE.md includes defensive security advice (never commit .env, restrict auth logic to single file). The overall intent and content align with legitimate Claude Code productivity optimization. No hidden agendas detected.