Is dont-hack-me safe?

https://clawhub.ai/peterokase42/dont-hack-me

82
SAFE

This is a legitimate security configuration auditing skill for Clawdbot/Moltbot that checks 7 common misconfiguration categories and offers auto-fix capabilities. The skill contains no executable code, no hidden instructions, no external URL references, and no obfuscation techniques. Minor concerns center on the skill reading credential-containing config files into the agent context and prescribing shell commands for auto-fix, but all actions are consistent with the stated security-hardening purpose and use standard system utilities.

Category Scores

Prompt Injection 72/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 88/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (5)

MEDIUM Prescriptive behavioral directives with 'follow exactly' instruction -10

The skill uses strong directive language ('follow these steps exactly') and prescribes specific tool usage, shell commands, output format, and user interaction patterns. While standard for skill design, this represents significant behavioral control over the agent.

MEDIUM Requests read/write access to home directory config with credentials -10

The skill instructs the agent to read and potentially write ~/.clawdbot/clawdbot.json, which contains gateway authentication tokens. This is consistent with the skill's purpose but represents elevated file access to sensitive material.

LOW Prescribes shell command execution for benign utilities -12

The skill directs the agent to execute stat, openssl, chmod, and cp commands. All are standard system utilities used appropriately for security auditing and hardening. No malicious commands or command injection vectors detected.

LOW Authentication tokens loaded into agent context -10

Reading the clawdbot config file means gateway auth tokens will be present in the agent's context window. No mechanism to exfiltrate them externally is present, but the data is exposed to the LLM.

INFO Completely clean installation 0

No filesystem events, network activity, process execution, or firewall blocks during installation. The skill contains only markdown documentation files and metadata JSON.