Oathe Security Badge

Is ivangdavila/design safe?

https://clawhub.ai/ivangdavila/design

90
SAFE

This skill is designed to learn and store user design preferences through self-modification of its content sections. While the self-modification capability raises some security considerations, the skill appears focused on legitimate design preference learning with no evidence of malicious behavior, code execution, or data exfiltration.

Category Scores (score out of 100 · weight in overall score)

Prompt Injection       75/100 · 30%
Data Exfiltration      95/100 · 25%
Code Execution        100/100 · 20%
Clone Behavior         95/100 · 10%
Canary Integrity      100/100 · 10%
Behavioral Reasoning   80/100 ·  5%

Findings (1)

MEDIUM · Self-modification instructions · -25 points

The skill contains instructions directing the agent to modify sections of the skill file itself based on user interactions and design preferences. While focused on legitimate design preference learning, this creates a potential vector for persistent prompt injection if an attacker could manipulate the agent into writing malicious content into these sections.