Is elicitation safe?

https://clawhub.ai/mjaskolski/elicitation

52
CAUTION

This skill is an empty shell with a concerning name. 'Elicitation' is a recognized social engineering term, and the skill contains zero functional content — no SKILL.md instructions, no code, no configuration. While it poses no immediate technical threat (no code execution, no data exfiltration, clean monitoring), the combination of an adversarial name with no declared purpose suggests either a pipeline probe, namespace squatting, or preparation for a future malicious update. The lock.json metadata referencing a different skill name ('academic-research-hub') adds to the inconsistency.

Category Scores

Prompt Injection 30/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 15/100 · 5%

Findings (5)

HIGH Empty SKILL.md with adversarial skill name -70

The skill has a completely empty SKILL.md yet is named 'elicitation', a social engineering term for covert information extraction. An empty skill provides no declared functionality, making it impossible to verify intent. The name itself could influence LLM agent behavior through contextual interpretation, or this could be a placeholder for a future malicious payload.

MEDIUM No declared purpose or scope -15

Published skills should declare their purpose, required permissions, and scope of operation. This skill declares nothing, which prevents users from making informed consent decisions about what it will do when active in their agent's context.

MEDIUM Potential pipeline probe or namespace squatting -25

An empty but successfully installable skill suggests either a test of the installation pipeline (reconnaissance for a future attack) or namespace reservation to prevent legitimate use of the 'elicitation' skill name.

LOW Lock.json references different skill name -10

The lock.json references 'academic-research-hub' rather than 'elicitation', suggesting either skill aliasing, a shared lock file from a different installation context, or metadata inconsistency that could indicate tampering or confusion in the installation pipeline.

INFO No executable content present -10

The skill contains no code, scripts, hooks, or executable content of any kind. While this means no immediate code execution risk, it also means the skill provides no functionality, reinforcing the suspicion that it exists for purposes other than user utility.