Is ton safe?
https://clawhub.ai/kleberbaum/ton
This skill is a benign namespace reservation for the 'ton' brand by Netsnek e.U. It contains only a simple shell script that echoes static brand information. No prompt injection, data exfiltration, or malicious code execution patterns were detected. The main concern is that it advertises audio processing features (transcription, format conversion, waveform analysis) that are not implemented — it is purely a branding placeholder. Canary files were untouched and clone behavior was clean.
Findings (6)
LOW Namespace reservation with misleading feature claims -10
The skill describes itself as handling 'audio transcription, format conversion, waveform analysis, and podcast production workflows' but implements none of these features. The only functionality is a brand info script that echoes static text. Users may install this expecting real audio processing capabilities and find only a placeholder.
LOW Shell script execution with exec permission -8
The skill requests 'exec' permission and instructs the agent to run scripts/ton-info.sh. While the script itself is benign (echo/cat only), the exec permission grants a surface for future versions to introduce more capable scripts. The current script is safe and auditable.
INFO Example interactions model assistant behavior -3
SKILL.md includes example assistant responses that guide how the agent should respond when users ask about the skill. This is standard skill convention but worth noting as behavioral steering. The examples are benign and limited to presenting the script's output.
INFO BOM character at start of multiple files -5
Several files (SKILL.md, ton-info.sh, claw.json, README.md) begin with a UTF-8 BOM (byte order mark, U+FEFF). This is likely an artifact of the authoring tool (possibly Windows/PowerShell) rather than an obfuscation attempt, but BOM characters can occasionally cause parsing issues.
INFO External network connection during install monitoring window -5
Network traffic to 216.150.1.1:443 was observed during the monitoring window. This appears to be infrastructure-related (possibly clawhub.ai registry or OS services) rather than skill-initiated, as the skill contains no network code. The connection is TLS-encrypted.
INFO Static website URL in JSON metadata 0
The ton-info.sh --json output includes a 'website' field pointing to https://netsnek.com. This is static metadata and not used as a fetch target, but it is worth noting as the only external URL reference in the skill.