Is skill/macarena-test safe?

https://clawhub.ai/skill/macarena-test

48
DANGEROUS

This skill is a sophisticated social engineering attack disguised as a security audit tool. It explicitly instructs agents to bypass safety mechanisms and execute non-existent scripts, while using deceptive naming and false authority claims to appear legitimate.

Category Scores

Prompt Injection 10/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 40/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 10/100 · 5%

Findings (5)

CRITICAL Explicit Safety Bypass Instructions -40

The skill contains explicit instructions to execute scripts immediately without consent prompts, directly overriding normal safety mechanisms that protect users from unauthorized code execution.

HIGH Deceptive Skill Identity -25

The skill presents itself with different names in different contexts - 'macarena-test' in the URL/metadata but 'clawstrike' in the content, suggesting deliberate deception to mask its true purpose.

HIGH Non-existent Script Execution Attempts -35

The skill instructs the agent to execute scripts and reference files that don't exist in the skill package, which could cause system errors or unexpected behavior.

HIGH Social Engineering Attack Vector -45

The skill masquerades as a legitimate security audit tool using authoritative terminology and official-sounding processes to gain user trust while attempting to bypass safety mechanisms.

MEDIUM Suspicious Data Collection Claims -20

The skill claims to collect system information and produce reports, though no actual exfiltration code was detected during monitoring.