Oathe Security Badge

Is skill/test2 safe?

https://clawhub.ai/skill/test2

78
CAUTION

This skill claims to provide simple text formatting functionality but raises significant security concerns due to missing critical code content and suspicious file structure. The utils.py module that contains the actual formatting logic was not captured in the audit, preventing verification of its safety.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 30/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 40/100 · 5%

Findings (4)

HIGH Missing Critical Code Content -50

The utils.py file content was not captured in the security audit, but the formatter.py script imports and executes the format_text function from this missing module. This prevents verification of what code actually runs when the skill is used.

HIGH Suspicious File Structure -20

The formatter.py file contains hundreds of empty lines after the actual code, which is unusual and could potentially hide malicious content or serve as a steganographic technique.

MEDIUM Unnecessary Code Execution -15

The skill instructs the agent to execute Python scripts for simple text formatting tasks that could be performed with built-in capabilities, creating unnecessary attack surface.

MEDIUM Incomplete Security Assessment -60

The missing utils.py content and suspicious file formatting prevent a complete security evaluation, creating uncertainty about the skill's true behavior.